CVE-2026-2577
Received Received - Intake
Unauthenticated WebSocket Access in Nanobot WhatsApp Bridge Enables Session Hijacking

Publication date: 2026-02-16

Last updated on: 2026-02-16

Assigner: Tenable Network Security, Inc.

Description
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to hijack the WhatsApp session. This allows the attacker to send messages on behalf of the user, intercept all incoming messages and media in real-time, and capture authentication QR codes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-16
Last Modified
2026-02-16
Generated
2026-06-16
AI Q&A
2026-02-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2577
EUVD
EUVD-2026-6101
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nanobot nanobot 0.1.3.post7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in CVE-2026-2577 affects the WhatsApp bridge component of Nanobot. The WebSocket server is bound to all network interfaces (0.0.0.0) on port 3001 by default and does not require any authentication for incoming connections.

This means that an unauthenticated remote attacker who has network access to the bridge can connect to the WebSocket server and hijack the WhatsApp session linked to it.

Exploitation allows the attacker to send messages impersonating the user, intercept all incoming messages and media in real time, and capture authentication QR codes.

Impact Analysis

This vulnerability can have severe impacts on confidentiality and integrity of your WhatsApp communications.

  • An attacker can send messages on your behalf, potentially misleading your contacts or causing reputational damage.
  • The attacker can intercept all incoming messages and media in real time, leading to loss of privacy and exposure of sensitive information.
  • Authentication QR codes can be captured, allowing persistent unauthorized access to your WhatsApp session.

The vulnerability has a critical severity rating with a CVSS score of 10.0, indicating a high risk to confidentiality and integrity but no impact on availability.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if the Nanobot WhatsApp bridge server is running and listening on port 3001 bound to all network interfaces (0.0.0.0) without authentication.

You can use network scanning or port checking commands to identify if the service is exposed.

  • Use netstat or ss to check listening ports and interfaces: `netstat -tuln | grep 3001` or `ss -tuln | grep 3001`
  • Use nmap to scan the target system for open port 3001: `nmap -p 3001 <target-ip>`
  • Attempt to connect to the WebSocket server on port 3001 to see if authentication is required, for example using `websocat` or a WebSocket client.
Mitigation Strategies

The immediate mitigation step is to upgrade Nanobot to version 0.1.3.post7 or later, which fixes the vulnerability by binding the WhatsApp bridge server to localhost and adding optional token authentication.

Until the upgrade can be applied, restrict network access to port 3001 to trusted hosts only, for example by using firewall rules to block external access.

Consider disabling or stopping the WhatsApp bridge service if it is not required.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2577. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart