CVE-2026-10264
CWE-22 · Published: June 1, 2026 · Updated: Jun 1, 2026
Official Description
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.
Technical Analysis
CVE-2026-10264 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
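The description above attributes the flaw to a client-controlled mediaPath in a Go source file. The following added example (not the project's code and not the referenced patch) shows one way to confine such a parameter to a single directory; `resolveMediaPath`, `errBadMediaPath`, the media directory layout and the sample files are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var errBadMediaPath = errors.New("mediaPath does not name a file inside the media directory")

// resolveMediaPath (hypothetical helper) maps a client-supplied mediaPath to a path under mediaRoot.
func resolveMediaPath(mediaRoot, mediaPath string) (string, error) {
	if filepath.IsAbs(mediaPath) {
		return "", errBadMediaPath // absolute paths are refused, not re-rooted
	}
	root, err := filepath.EvalSymlinks(mediaRoot)
	if err != nil {
		return "", err
	}
	// Join cleans "..", EvalSymlinks follows links: check the file that would really be opened.
	resolved, err := filepath.EvalSymlinks(filepath.Join(root, mediaPath))
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(root, resolved)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errBadMediaPath
	}
	return resolved, nil
}

// demoTree builds constructed sample data: media/photo.jpg, ../secret.txt, media/link -> ../secret.txt.
func demoTree() string {
	tmp, _ := os.MkdirTemp("", "mediademo")
	root := filepath.Join(tmp, "media")
	os.Mkdir(root, 0o700)
	os.WriteFile(filepath.Join(root, "photo.jpg"), []byte("img"), 0o600)
	os.WriteFile(filepath.Join(tmp, "secret.txt"), []byte("key"), 0o600)
	os.Symlink(filepath.Join("..", "secret.txt"), filepath.Join(root, "link"))
	return root
}

func main() {
	root := demoTree()
	for _, p := range []string{"photo.jpg", "../secret.txt", "link", "/etc/hostname"} {
		_, err := resolveMediaPath(root, p)
		fmt.Printf("%-16q -> %v\n", p, err)
	}
}
```

The check is made on the symlink-resolved path, so a link inside the media directory that points elsewhere is rejected along with `..` sequences and absolute paths.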
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-10264 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts