Hkuds Nanobot vulnerabilities
6 known vulnerabilities affecting hkuds/nanobot.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-2577P2CRITICALCVSS 10.0fixed in 0.1.52026-02-16
CVE-2026-2577 [CRITICAL] CWE-306 CVE-2026-2577: The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to hijack the WhatsApp session. This allows the attacker
nvd
CVE-2026-33654P2CRITICALCVSS 9.8fixed in 0.1.4.post62026-03-27
CVE-2026-33654 [CRITICAL] CWE-94 CVE-2026-33654: nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerabili
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions (and subsequently, system tools) without any interaction from the bot owner. By sending
nvd
CVE-2026-48716P3HIGHCVSS 8.7≤ 0.1.5.post32026-06-18
CVE-2026-48716 [HIGH] CWE-22 CVE-2026-48716: nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge
nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media attachments and writes them to disk using a filename derived from the sender's mes
nvd
CVE-2026-49139P3HIGHCVSS 7.0fixed in 0.2.12026-06-01
CVE-2026-49139 [HIGH] CWE-918 CVE-2026-49139: Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the stored conversation reference by sending a crafted inboun
nvd
CVE-2026-49138P4MEDIUMCVSS 5.0fixed in 0.2.12026-06-01
CVE-2026-49138 [MEDIUM] CWE-918 CVE-2026-49138: Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the automatic HTTP redirect following behavior in the htt
nvd
CVE-2026-49140P4MEDIUMCVSS 4.3fixed in 0.2.12026-06-01
CVE-2026-49140 [MEDIUM] CWE-770 CVE-2026-49140: Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel medi
Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurrent Matrix media events with omitted or invalid declare
nvd