CVE-2026-10264EPSS p17.7%

CVE-2026-10264CVE-2026-10264

Description

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.

Scoring

CVSS 3.5 ()
VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS0.27% probability of exploitation · percentile 17.7% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-2577
CVE
Meta Platforms WhatsApp Incorrect Authorization Vulnerability
CVE
CVE-2025-6855
CVE
CVE-2026-4858
CVE
CVE-2026-10650
CVE
CVE-2026-41972
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.