Nanobot WebSocket Server Binding Vulnerability in WhatsApp Bridge Component Allowing Session Hijacking

Vulnerability

A vulnerability exists in the WhatsApp bridge component of Nanobot, where the WebSocket server is bound to all network interfaces on port 3001 by default. This server does not require authentication for incoming connections. As a result, an unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server and hijack the associated WhatsApp session. Once connected, the attacker can send messages on behalf of the user, intercept all incoming messages and media in real-time, and capture authentication QR codes.

Impact

Exploitation of this vulnerability allows for complete hijacking of the linked WhatsApp session, enabling an attacker to send messages as the user, intercept incoming messages and media in real-time, and capture QR codes used for authentication.

Remediation

Users are advised to upgrade to Nanobot version 0.1.3.post7 or later.
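
To check whether a host still exposes the bridge port beyond loopback, the following added example (not code from Nanobot or from this advisory) parses `ss -H -ltn` output and reports listeners on port 3001 that are not bound to a loopback address. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

BRIDGE_PORT = 3001  # default bridge port named in the advisory

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 511 0.0.0.0:3001 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 [::1]:3001 [::]:*
LISTEN 0 511 *:3001 *:*
LISTEN 0 511 192.168.1.20:3001 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

def split_local(field):
    """Split 'Local Address:Port' into (host, port).
    Handles [v6]:port, *:port and an interface suffix such as %lo."""
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%", 1)[0], port

def classify(host):
    """Label a bind address by how widely it is reachable."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    return "loopback" if ip.is_loopback else "specific-interface"

def exposed_listeners(ss_output, port=BRIDGE_PORT):
    """Return (local_address, scope) for each non-loopback listener on port."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip headers, blanks and non-listening sockets
        host, found_port = split_local(cols[3])
        if found_port != str(port):
            continue
        scope = classify(host)
        if scope != "loopback":
            findings.append((cols[3], scope))
    return findings

if __name__ == "__main__":
    for address, scope in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {BRIDGE_PORT} listening on {address} ({scope})")
```

A clean result only shows that the port is not reachable from other hosts; upgrading to the fixed version remains the remediation.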

Added: Feb 16, 2026, 11:20 AM
Updated: Feb 16, 2026, 11:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.0
remediation: 0.0
relevance: 2.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.