Submit #824924: lharries whatsapp-mcp v0.0.1 Path Traversalinfo

Titlelharries whatsapp-mcp v0.0.1 Path Traversal
DescriptionA CWE-22 (Path Traversal) vulnerability exists in the sendWhatsAppMessage function at main.go:237. The mediaPath parameter, received from user input via the /api/send HTTP endpoint, is passed directly to os.ReadFile() without any validation, sanitization, or path restriction checks. The application does not verify that the provided path is within an allowed directory or sanitize path traversal sequences (../). More Details: https://github.com/lharries/whatsapp-mcp/issues/241
Source⚠️ https://github.com/lharries/whatsapp-mcp/issues/241
User
 ybdesire (UID 83239)
Submission05/10/2026 14:51 (2 months ago)
Moderation05/31/2026 14:51 (21 days later)
StatusAccepted
VulDB entry367544 [lharries whatsapp-mcp 0.0.1 Send API Endpoint whatsapp-bridge/main.go SendMessageRequest mediaPath path traversal]
Points20

Want to know what is going to be exploited?

We predict KEV entries!