CVE-2026-48716
Received - Intake
Path Traversal in Nanobot WhatsApp Bridge

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: GitHub, Inc.

Description
nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media attachments and writes them to disk using a filename derived from the sender's message via documentMessage.fileName, which is concatenated with a prefix and its raw value is passed directly to path.join(mediaDir, outFilename). Node.js path.join resolves .. components, allowing an attacker to escape the intended media/ directory by sending a document with a crafted fileName such as ../../../.ssh/authorized_keys. Because the attacker also controls the file content (the downloaded buffer), this is a write-anywhere primitive: both path and content are attacker-controlled. A fix for this issue is planned for version 0.1.5.post4.
Meta Information
Published: 2026-06-18
Last Modified: 2026-06-18
Generated: 2026-06-19
AI Q&A: 2026-06-18
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Impact Analysis

This vulnerability can have severe impacts including unauthorized file writes anywhere on the filesystem. An attacker can overwrite critical files such as SSH authorized_keys to create backdoors, manipulate cron jobs for persistence, alter configuration files, or achieve remote code execution by overwriting Python .pth files.

The vulnerability has a high severity score of 8.7 due to its network attack vector, no required privileges or user interaction, and its ability to compromise integrity and availability.

Executive Summary

CVE-2026-48716 is a path traversal vulnerability in the nanobot npm package's WhatsApp bridge (versions 0.1.5.post3 and prior). The vulnerability arises because the bridge constructs filesystem paths using unsanitized filenames from incoming WhatsApp document messages. Specifically, the filename from the message is concatenated with a prefix and passed directly to Node.js path.join(), which resolves '..' components. This allows an attacker to craft filenames containing directory traversal sequences (e.g., ../../../.ssh/authorized_keys) to escape the intended media directory.

Because the attacker controls both the filename and the file content, they can write arbitrary files anywhere on the filesystem where the nanobot process has write permissions. This is known as a write-anywhere primitive.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious file writes outside the intended media directory by the nanobot WhatsApp bridge component. Specifically, look for files created or modified in unexpected locations such as ~/.ssh/authorized_keys or other critical system paths that could indicate path traversal exploitation.

You can check the filesystem for recently created or modified files that match suspicious patterns or locations. For example, use commands like:

  • find /path/to/nanobot/media -type f -mtime -1
  • find / -name authorized_keys -mtime -1 2>/dev/null
  • grep -r --include='whatsapp.ts' 'fileName' /path/to/nanobot/bridge/src/

Additionally, network monitoring for unusual WhatsApp document messages containing filenames with directory traversal sequences (e.g., ../../../) could help detect exploitation attempts.

Mitigation Strategies

The immediate mitigation step is to upgrade nanobot to version 0.1.5.post4 or later, where the vulnerability is fixed by sanitizing filenames using path.basename(), applying character allowlisting, and adding boundary checks to prevent path traversal.

If upgrading is not immediately possible, consider implementing manual input validation or sanitization on the fileName field in the WhatsApp bridge code to reject or sanitize filenames containing directory traversal sequences like '..' or '/' before they are passed to path.join.

Also, restrict filesystem permissions of the media directory and other sensitive paths to limit the impact of any unauthorized file writes.
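
The filename handling discussed in this section, as an added example (not nanobot's code or its patch): the unsanitized path.join next to a version that applies path.basename(), a character allowlist and a boundary check. MEDIA_DIR, PREFIX and both function names are assumptions made for illustration.

```javascript
const path = require('path').posix; // POSIX rules, so results match on any host

const MEDIA_DIR = '/srv/nanobot/media'; // constructed location, not from the advisory
const PREFIX = 'doc_';                  // hypothetical prefix; the real format is not shown

// Vulnerable pattern from the description: raw fileName reaches path.join().
// The prefix does not help: it turns the first ".." into the segment "doc_..",
// which the next ".." cancels lexically, and the remaining ".." leaves MEDIA_DIR.
function unsafeMediaPath(fileName) {
  return path.join(MEDIA_DIR, PREFIX + fileName);
}

// Hardened form: basename, character allowlist, then a boundary check.
function safeMediaPath(fileName) {
  // 1. Keep only the last path component; treat "\" as a separator as well.
  const base = path.basename(String(fileName).replace(/\\/g, '/'));
  // 2. Allowlist characters, drop leading dots, cap length, never return empty.
  const clean = base
    .replace(/[^A-Za-z0-9._-]/g, '_')
    .replace(/^\.+/, '')
    .slice(0, 128) || 'file';
  // 3. Defence in depth: the resolved target must stay under the media root.
  const root = path.resolve(MEDIA_DIR);
  const target = path.resolve(root, PREFIX + clean);
  if (!target.startsWith(root + path.sep)) {
    throw new Error(`refusing to write outside ${root}: ${target}`);
  }
  return target;
}

const crafted = '../../../.ssh/authorized_keys'; // fileName value quoted in the advisory
console.log('unsafe:', unsafeMediaPath(crafted));
console.log('safe:  ', safeMediaPath(crafted));
```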

Compliance Impact

The vulnerability allows an attacker to write arbitrary files anywhere on the filesystem by exploiting path traversal in the nanobot WhatsApp bridge. This can lead to unauthorized modification of critical files, potentially enabling remote code execution or persistence mechanisms.

Such unauthorized file writes and potential system compromise could result in breaches of data integrity and availability, which are key concerns in compliance frameworks like GDPR and HIPAA.

Specifically, if personal or sensitive data is affected or exposed due to this vulnerability, it could lead to violations of data protection requirements under these regulations.

Therefore, this vulnerability poses a significant risk to maintaining compliance with standards that mandate strict controls over data integrity, confidentiality, and system security.
