Hkuds Nanobot
6 CVEs affecting Hkuds Nanobot. Latest disclosed: 2026-06-01. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2577 | Critical | 10.0 | 2026-02-16 | The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentica… |
CVE-2026-35589 | High | 8.0 | 2026-04-14 | nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket ser… |
CVE-2026-49138 | Medium | 5.0 | 2026-06-01 | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or pri… |
CVE-2026-49140 | Medium | 4.3 | 2026-06-01 | Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members t… |
CVE-2026-49139 | | 2026-06-01 | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfi… | |
CVE-2026-33654 | | 2026-03-27 | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/… |