10.0
WhatsApp Bridge on Nanobot Exposes Session to Unauthorized Access
CVE-2026-2577
Summary
The WhatsApp bridge in Nanobot is set to accept connections from any device without a password, allowing an unauthorized person to take control of your WhatsApp account and send messages, read your messages, and see photos and videos you receive. This is a security risk because it makes it easy for an attacker to access your WhatsApp account without your knowledge. To fix this, update your Nanobot setup to use a secure connection and authentication.
Original title
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unau...
Original description
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to hijack the WhatsApp session. This allows the attacker to send messages on behalf of the user, intercept all incoming messages and media in real-time, and capture authentication QR codes.
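One way to close the gap described above, as an added example that is not Nanobot's code: bind the bridge to loopback instead of 0.0.0.0 and reject any WebSocket upgrade that lacks a shared token. The `BRIDGE_TOKEN` variable, the Bearer header scheme and the function names are assumptions made for illustration.

```javascript
// Added example, not Nanobot's code. BRIDGE_TOKEN, the Bearer scheme and
// all function names below are assumptions made for illustration.
const BIND_HOST = '127.0.0.1'; // loopback only; the vulnerable default was 0.0.0.0
const BIND_PORT = 3001;        // port named in the advisory

// Compare two strings without returning early on the first mismatch.
function constantTimeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Decide whether a WebSocket upgrade request may proceed.
// Returns an HTTP status; 101 means "continue with the handshake".
function checkUpgrade(req, expectedToken) {
  if (!expectedToken) return 503; // fail closed: no token configured, nobody connects
  const header = req.headers['authorization'] || '';
  const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header);
  if (!match) return 401;         // missing or malformed credential
  return constantTimeEqual(match[1], expectedToken) ? 101 : 401;
}

// Wire the check in front of the WebSocket library. onSocket is the caller's
// hand-off (for example a library's handleUpgrade); it only runs after auth.
function startBridge(onSocket) {
  const http = require('node:http');
  const server = http.createServer((_req, res) => {
    res.writeHead(426); // plain HTTP is not served on this port
    res.end();
  });
  server.on('upgrade', (req, socket, head) => {
    const status = checkUpgrade(req, process.env.BRIDGE_TOKEN);
    if (status !== 101) {
      // Refuse before any session data or QR code can be sent.
      socket.end(`HTTP/1.1 ${status} Rejected\r\nConnection: close\r\n\r\n`);
      return;
    }
    onSocket(req, socket, head);
  });
  server.listen(BIND_PORT, BIND_HOST);
  return server;
}
```

The token check runs during the HTTP upgrade, so an unauthenticated peer is dropped before a WebSocket session exists.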
NVD CVSS 3.1
10.0
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 16 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026