Description
nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to 127.0.0.1 and added an optional BRIDGE_TOKEN parameter, but token authentication is disabled by default and the server does not validate the Origin header during the WebSocket handshake. Because browsers do not enforce the Same-Origin Policy on WebSockets unless the server explicitly denies cross-origin connections, any website visited by a user running the bridge can establish a WebSocket connection to ws://127.0.0.1:3001/ and gain full access to the bridge API. This allows an attacker to hijack the WhatsApp session, read incoming messages, steal authentication QR codes, and send messages on behalf of the user. This issue has been fixed in version 0.1.5.
Published: 2026-04-14
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

nanobot, a personal AI assistant, contains a Cross‑Site WebSocket Hijacking flaw that was partially remedied in a prior CVE. The server runs at 127.0.0.1 on port 3001 and accepts WebSocket connections without validating the Origin header or enforcing token authentication, which remains disabled by default. An attacker can craft a webpage that, when visited by a user running nanobot, opens a WebSocket to the local server and gains unrestricted access to the WhatsApp Bridge API. The resulting compromise lets the attacker read messages, capture authentication QR codes, and send messages on the victim’s behalf, effectively providing remote command execution over the bridge. This weakness is listed under CWE‑1385.

Affected Systems

The vulnerability affects the HKUDS nanobot application, specifically any installation running a Bridge backend version older than 0.1.5. The affected component is the WebSocket server defined in bridge/src/server.ts. Users who have not applied the v0.1.5 release are at risk.

Risk and Exploitability

The CVSS score of 8.0 classifies the flaw as high severity. EPSS data is not available, so the exploit probability is unknown, and the issue is not currently catalogued in the CISA KEV list. Attacks require a user to be running the bridge and to visit a malicious site that initiates the WebSocket handshake; the browser does not enforce Same‑Origin Policy on WebSockets unless the server explicitly rejects cross‑origin traffic. If an attacker can trick a user into meeting these conditions, the bridge can be hijacked to perform arbitrary actions on the victim’s WhatsApp account.

Generated by OpenCVE AI on April 15, 2026 at 00:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the nanobot Bridge to version 0.1.5 or later to apply the official fix that enables BRIDGE_TOKEN authentication by default and introduces Origin header validation.
  • If upgrading immediately is not possible, manually enable the required BRIDGE_TOKEN parameter and restrict client access to the WebSocket server by firewall rules so that only trusted internal processes or localhost can connect.
  • Modify the server configuration to reject connections whose Origin header does not match the bridge’s own origin, thereby enforcing cross‑origin restrictions even if the token remains disabled.
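
The two handshake checks named in the actions above (Origin validation and a mandatory token), written out as an added TypeScript example; this is not nanobot's code and not the 0.1.5 patch. All function and type names are hypothetical, and how a client presents the token is not stated on this page, so it is passed in as a plain argument.

```typescript
// Added example (not nanobot's code). All names here are hypothetical.
type HandshakeHeaders = Record<string, string | undefined>;

interface BridgePolicy {
  allowedOrigins: string[]; // exact "scheme://host[:port]" values; empty = no browser clients
  token: string;            // shared secret; an empty value must never mean "auth off"
}

interface Decision { accept: boolean; status: number; reason: string }

// Compare without an early exit so timing does not reveal how many characters matched.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Decide on the HTTP upgrade request, before any bridge API message is processed.
// Header names are assumed lower-cased, as Node's HTTP parser delivers them.
function checkHandshake(headers: HandshakeHeaders, presentedToken: string | undefined,
                        policy: BridgePolicy): Decision {
  if (policy.token.length === 0) {
    return { accept: false, status: 500, reason: "token not configured" }; // fail closed
  }
  const origin = headers["origin"];
  // Browsers attach Origin to every WebSocket handshake and page script cannot alter it,
  // so any value outside the allowlist (including the literal "null") is a web page.
  if (origin !== undefined && !policy.allowedOrigins.includes(origin)) {
    return { accept: false, status: 403, reason: "origin not allowed" };
  }
  // No Origin means a non-browser client (e.g. a local process); it still needs the token.
  if (presentedToken === undefined || !constantTimeEqual(presentedToken, policy.token)) {
    return { accept: false, status: 401, reason: "bad or missing token" };
  }
  return { accept: true, status: 101, reason: "ok" };
}

// Constructed sample policy: no browser origin is trusted, token is a placeholder.
const SAMPLE_POLICY: BridgePolicy = { allowedOrigins: [], token: "constructed-sample-token" };
```

Binding to 127.0.0.1 does not replace either check, because the connecting browser runs on the same host as the bridge.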

Generated by OpenCVE AI on April 15, 2026 at 00:25 UTC.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Nanobot
Nanobot nanobot
CPEs cpe:2.3:a:nanobot:nanobot:*:*:*:*:*:python:*:*
Vendors & Products Nanobot
Nanobot nanobot

Wed, 15 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 15 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Hkuds
Hkuds nanobot
Vendors & Products Hkuds
Hkuds nanobot

Tue, 14 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Description nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to 127.0.0.1 and added an optional BRIDGE_TOKEN parameter, but token authentication is disabled by default and the server does not validate the Origin header during the WebSocket handshake. Because browsers do not enforce the Same-Origin Policy on WebSockets unless the server explicitly denies cross-origin connections, any website visited by a user running the bridge can establish a WebSocket connection to ws://127.0.0.1:3001/ and gain full access to the bridge API. This allows an attacker to hijack the WhatsApp session, read incoming messages, steal authentication QR codes, and send messages on behalf of the user. This issue has been fixed in version 0.1.5.
Title nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update)
Weaknesses CWE-1385
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-15T16:14:06.128Z

Reserved: 2026-04-03T20:09:02.828Z

Link: CVE-2026-35589

Vulnrichment

Updated: 2026-04-15T16:06:52.475Z

NVD

Status: Analyzed

Published: 2026-04-14T23:16:29.130

Modified: 2026-04-23T17:39:07.313

Link: CVE-2026-35589

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T14:31:57Z

Weaknesses