WebSocket Server Vulnerability in Nanobot WhatsApp Bridge Component
CVE-2026-2577

10 CRITICAL

Key Information:

Vendor: Hkuds

Status
Vendor
CVE Published: 16 February 2026

What is CVE-2026-2577?

The WhatsApp bridge component in Nanobot exposes a WebSocket server that, by default, binds to all network interfaces (0.0.0.0) on port 3001 and does not authenticate incoming connections. An unauthenticated remote attacker with network access can connect to the WebSocket server, potentially leading to WhatsApp session hijacking. Such access lets the attacker send messages impersonating the user, intercept incoming messages and media in real time, and capture authentication QR codes, compromising the user's account and privacy.

Affected Version(s)

nanobot 0 < 0.1.3.Post7

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
