VYPR

Nanobot

by Hkuds

Source repositories

CVEs (7)

  • CVE-2026-2577 | Critical | Feb 16, 2026
    risk 0.65 | cvss 10.0 | epss 0.01

    The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the…

  • CVE-2026-33654 | Critical | Mar 27, 2026
    risk 0.57 | cvss 9.8 | epss 0.00

    nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions (and…

  • CVE-2026-35589 | High | Apr 14, 2026
    risk 0.45 | cvss 8.0 | epss 0.00

    nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the…

  • CVE-2026-49139 | High | Jun 1, 2026
    risk 0.39 | cvss not listed | epss 0.00

    Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value.…

  • CVE-2026-49138 | Medium | Jun 1, 2026
    risk 0.26 | cvss 5.0 | epss 0.00

    Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header.…

  • CVE-2026-49140 | Medium | Jun 1, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send…

  • CVE-2026-48716 | Jun 18, 2026
    risk 0.00 | cvss not listed | epss 0.00

    nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media…
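The bridge entries above (CVE-2026-2577 and its incomplete fix, CVE-2026-35589) describe two separate gaps: a WebSocket server reachable from the network without authentication, and, once it was moved to loopback, a browser page on any site still being able to open a socket to it. The following is an added example of the handshake checks that close both, written in Python for illustration. It is not nanobot's bridge code (which is TypeScript) and the bind address, port, origin allowlist, token format and header names are assumptions.

```python
"""Hypothetical upgrade-request checks for a local WebSocket bridge.
Added example, not nanobot's bridge code; the allowlist, port and names are assumptions."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Mapping

BIND_HOST = "127.0.0.1"   # loopback, never 0.0.0.0, unless a remote client is genuinely required
BIND_PORT = 3001          # assumption, matching the port named in the advisory
# Origin values the legitimate UI may present; any page not listed is refused (assumed values).
ALLOWED_ORIGINS = frozenset({"http://localhost:3000", "http://127.0.0.1:3000"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def new_bridge_token() -> str:
    """Per-install shared secret; store it with mode 0600 and hand it only to the intended client."""
    return secrets.token_urlsafe(32)


def check_upgrade(headers: Mapping[str, str], expected_token: str,
                  allowed_origins: frozenset = ALLOWED_ORIGINS) -> Decision:
    """Decide whether a WebSocket handshake may proceed. Header names are case-insensitive."""
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Origin: a browser always sends it on a WebSocket handshake and a page cannot forge it,
    #    so an unexpected value (including "null") means a cross-site page is driving the socket.
    #    Absence means a non-browser client, where CSWSH does not apply; the token still decides.
    origin = h.get("origin")
    if origin is not None and origin not in allowed_origins:
        return Decision(False, f"origin not allowed: {origin}")

    # 2. Authentication: Origin is not a credential, and a loopback bind does not stop other
    #    local users or processes, so every client must present the bridge token.
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return Decision(False, "missing bearer token")
    if not hmac.compare_digest(token.encode(), expected_token.encode()):
        return Decision(False, "bad token")
    return Decision(True, "ok")


def demo() -> dict:
    """Constructed handshakes: a hostile page, an opaque origin, the intended UI, a local script."""
    tok = new_bridge_token()
    cases = {
        "cross-site page with stolen token": {"Origin": "https://evil.example", "Authorization": f"Bearer {tok}"},
        "sandboxed/opaque origin": {"Origin": "null", "Authorization": f"Bearer {tok}"},
        "intended UI without token": {"Origin": "http://localhost:3000"},
        "intended UI with token": {"Origin": "http://localhost:3000", "Authorization": f"Bearer {tok}"},
        "local script with token": {"Authorization": f"Bearer {tok}"},
    }
    return {name: check_upgrade(hdrs, tok) for name, hdrs in cases.items()}
```

The order of the checks matters: the Origin test runs first so a cross-site page is refused even if it has somehow obtained the token, and the token test runs regardless of Origin so loopback-only exposure is not mistaken for authentication. One practical caveat: the browser WebSocket API cannot set an Authorization header, so a browser UI would have to carry the token in a Sec-WebSocket-Protocol value or in its first frame, compared with the same constant-time check.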
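Both SSRF entries (CVE-2026-49139 for the Teams serviceUrl, CVE-2026-49138 for web_fetch redirects) come down to the same question: is this outbound request allowed to go where it is about to go? The block below is an added example, not nanobot's code, of a destination check that is applied to every hop, the initial URL and each 3xx Location alike, plus a strict host test for a Bot Framework serviceUrl before any bearer token is sent to it. The trusted host list, the function names, and the fake DNS and HTTP routes used to run it offline are assumptions; it also assumes the HTTP client is configured not to follow redirects on its own.

```python
"""Hypothetical outbound-request guard for an assistant's web_fetch tool and for the Bot
Framework serviceUrl of an incoming Teams activity. Added example, not nanobot's code;
names, the trusted-host list and the fake DNS/HTTP below are assumptions."""
import ipaddress
import socket
from typing import Callable, Iterable, Mapping, Tuple
from urllib.parse import urljoin, urlsplit

Response = Tuple[int, Mapping[str, str], bytes]


class SSRFBlocked(Exception):
    pass


def system_resolve(host: str) -> Iterable[str]:
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped        # ::ffff:127.0.0.1 is still loopback
    # False for loopback, RFC 1918, link-local (169.254.169.254), CGNAT, unspecified, ...
    return addr.is_global


def check_destination(url: str, resolve: Callable[[str], Iterable[str]]) -> str:
    """Reject any URL whose scheme is not http(s) or whose host maps to a non-public address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise SSRFBlocked(f"unsupported URL: {url}")
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal address, no lookup needed
    except ValueError:
        addrs = list(resolve(host))
    if not addrs:
        raise SSRFBlocked(f"{host} did not resolve")
    for ip in addrs:
        if not is_public_ip(ip):
            raise SSRFBlocked(f"{host} -> {ip} is not a public address")
    return addrs[0]


def safe_fetch(url: str, request: Callable[[str], Response],
               resolve: Callable[[str], Iterable[str]] = system_resolve, max_redirects: int = 5) -> Response:
    """request(url) must perform ONE request and return (status, headers, body) without
    following redirects; every hop, including each 3xx Location, is re-checked here."""
    for _ in range(max_redirects + 1):
        check_destination(url, resolve)
        status, headers, body = request(url)
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)      # relative Location resolved against the current hop
            continue
        return status, headers, body
    raise SSRFBlocked("too many redirects")


TRUSTED_SERVICE_HOSTS = ("smba.trafficmanager.net", ".botframework.com")   # assumption


def trusted_service_url(service_url: str, trusted=TRUSTED_SERVICE_HOSTS) -> bool:
    """A Teams activity's serviceUrl decides where the bot POSTs replies with its bearer token;
    accept it only for https and a host that is, or is a subdomain of, a trusted host."""
    parts = urlsplit(service_url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        return False
    return any(host == t.lstrip(".") or host.endswith(t if t.startswith(".") else "." + t)
               for t in trusted)


# Constructed offline stand-ins for DNS and HTTP so the demo runs without a network.
FAKE_DNS = {"public.example": ["93.184.216.34"], "rebind.example": ["10.0.0.5"]}


def fake_resolve(host: str) -> Iterable[str]:
    return FAKE_DNS.get(host, [])


def fake_request(url: str) -> Response:
    routes = {
        "http://public.example/start": (302, {"Location": "http://127.0.0.1:8080/admin"}, b""),
        "http://public.example/ok": (200, {}, b"hello"),
    }
    return routes.get(url, (404, {}, b""))


def demo() -> dict:
    out = {}
    cases = {"open redirect to loopback": "http://public.example/start",
             "plain public page": "http://public.example/ok",
             "host resolving to RFC1918": "http://rebind.example/",
             "IPv4-mapped metadata address": "http://[::ffff:169.254.169.254]/latest/meta-data"}
    for name, url in cases.items():
        try:
            out[name] = safe_fetch(url, fake_request, fake_resolve)[2]
        except SSRFBlocked as e:
            out[name] = f"blocked: {e}"
    return out
```

Two caveats a reviewer would raise. First, the resolve-then-connect pattern is open to DNS rebinding unless the address returned by check_destination is the one the client actually connects to, so a real implementation pins that address in the HTTP client rather than letting it resolve again. Second, the serviceUrl check is an allowlist on purpose: the private-address test alone would not stop an attacker's public host from collecting the token.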
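The two media-handling entries, the Matrix download that trusts missing or invalid size metadata (CVE-2026-49140) and the WhatsApp bridge that builds a filesystem path from an unsanitised fileName (CVE-2026-48716), share one download path in practice. The following added example, not nanobot's code, shows that path hardened on both counts: the attacker-supplied name is reduced to a single random-prefixed component and checked to land inside the download directory, and the stream is written under a byte cap that holds whether or not the message declared a size. The directory, the cap, the helper names and the hostile inputs are assumptions.

```python
"""Hypothetical media download path for a bridge or channel handler. Added example, not
nanobot's code: the directory, the size cap, helper names and the hostile inputs are assumptions."""
import os
import re
import secrets
import tempfile
from pathlib import Path
from typing import Iterable, Optional

MAX_MEDIA_BYTES = 25 * 1024 * 1024   # assumed policy cap; never derived from the message
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


class MediaRejected(Exception):
    pass


def safe_filename(untrusted: Optional[str], fallback_ext: str = ".bin") -> str:
    """Reduce an attacker-supplied fileName to a single, non-hidden, ASCII path component
    and prefix it with a random token so it can never target an existing file by name."""
    name = os.path.basename((untrusted or "").replace("\\", "/"))  # drop any directory part
    name = _UNSAFE.sub("_", name).strip("._")      # no "..", no leading dot, no NUL or separators
    if not name:
        name = "media" + fallback_ext
    return f"{secrets.token_hex(4)}_{name[:120]}"


def resolve_inside(download_dir: Path, filename: str) -> Path:
    """Belt and braces: the final, symlink-resolved path must sit directly in download_dir."""
    base = download_dir.resolve()
    target = (base / filename).resolve()
    if target.parent != base:
        raise MediaRejected(f"{filename!r} escapes {base}")
    return target


def download_bounded(chunks: Iterable[bytes], dest: Path, declared_size: Optional[int],
                     limit: int = MAX_MEDIA_BYTES) -> int:
    """Write a media stream to dest, enforcing `limit` on the bytes actually received.
    The declared size is a hint used to fail early; the hard stop is the byte count, so
    missing, negative or lying metadata cannot disable the cap."""
    if declared_size is not None and (declared_size < 0 or declared_size > limit):
        raise MediaRejected(f"declared size {declared_size} exceeds limit {limit}")
    tmp = dest.with_name(dest.name + ".part")
    written = 0
    try:
        with open(tmp, "wb") as fh:
            for chunk in chunks:
                written += len(chunk)
                if written > limit:           # abort mid-stream: nothing buffered past the cap
                    raise MediaRejected(f"stream exceeded {limit} bytes")
                fh.write(chunk)
        os.replace(tmp, dest)                 # only a complete, in-bounds file gets its final name
    finally:
        if tmp.exists():
            tmp.unlink()
    return written


def demo(download_dir: Path) -> dict:
    """Constructed inputs: a traversal fileName from a document message, then a media stream
    with no size metadata that is larger than a 2 MiB cap, then a well-behaved file."""
    fname = safe_filename("../../.ssh/authorized_keys")
    dest = resolve_inside(download_dir, fname)
    oversized = (b"\0" * (1024 * 1024) for _ in range(3))   # 3 MiB arriving with declared_size=None
    try:
        download_bounded(oversized, dest, declared_size=None, limit=2 * 1024 * 1024)
        blocked = False
    except MediaRejected:
        blocked = True
    ok_dest = resolve_inside(download_dir, safe_filename("report.pdf"))
    stored = download_bounded([b"%PDF-1.7 constructed"], ok_dest, declared_size=20,
                              limit=2 * 1024 * 1024)
    return {"filename": fname, "inside": dest.parent == download_dir.resolve(),
            "blocked": blocked, "stored_bytes": stored,
            "leftover_files": sorted(p.name for p in download_dir.iterdir())}


def demo_in_tempdir() -> dict:
    with tempfile.TemporaryDirectory() as d:
        return demo(Path(d))
```

The write goes to a .part name and is renamed only on success, so an aborted oversized download leaves no partial file behind, and the random prefix means even a sanitised name cannot overwrite something already in the directory.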