CVE-2026-2577

Nanobot · WhatsApp bridge

The Nanobot WhatsApp bridge component exposes an unauthenticated WebSocket server on all network interfaces, allowing remote attackers to hijack sessions and intercept real-time communications.

Executive summary

An unauthenticated remote attacker can hijack active WhatsApp sessions and intercept private messages or media by connecting to an unprotected WebSocket server exposed by Nanobot.

Vulnerability

This critical flaw involves the WhatsApp bridge component binding its WebSocket server to all network interfaces (0.0.0.0) on port 3001 without requiring authentication. This allows an unauthenticated remote attacker to gain full control over the session, including the ability to capture authentication QR codes.

Business impact

A successful exploit results in a total compromise of communication confidentiality and integrity. Attackers can impersonate users, send fraudulent messages, and steal sensitive media in real time. Given the CVSS score of 10.0, this represents the highest possible risk level, potentially leading to severe reputational damage and legal liability for compromised private data.

Remediation

Immediate Action: Update the affected component to the latest secure version and ensure the WebSocket server either binds only to localhost or requires robust authentication.

Proactive Monitoring: Audit network configurations to identify any unauthorized services listening on port 3001 and review connection logs for unusual IP addresses accessing the bridge.

Compensating Controls: Implement firewall rules to restrict access to port 3001 to known, trusted internal IP addresses only, effectively blocking external unauthenticated access.
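
One way to run the port 3001 audit from the monitoring step is to parse the listening-socket table and flag any listener on that port that is not bound to loopback. This is an added example, not Nanobot's own code; it assumes Linux `ss -ltnH` output, and the sample lines and the names `classify_bind` and `exposed_listeners` are constructed for illustration.

```python
import ipaddress

BRIDGE_PORT = 3001  # port named in the advisory

# Constructed `ss -ltnH` lines (merged from several hypothetical hosts).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      511          0.0.0.0:3001       0.0.0.0:*
LISTEN 0      511             [::]:3001          [::]:*
LISTEN 0      128        127.0.0.1:3001       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128         10.0.0.5:3001       0.0.0.0:*
"""


def classify_bind(host):
    """Classify an ss local address as 'loopback', 'wildcard', 'specific' or 'unparsed'."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return "wildcard"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unparsed"  # keep it in the findings for manual review
    addr = getattr(addr, "ipv4_mapped", None) or addr  # unwrap ::ffff:a.b.c.d
    if addr.is_unspecified:
        return "wildcard"
    return "loopback" if addr.is_loopback else "specific"


def exposed_listeners(ss_output, port=BRIDGE_PORT):
    """Return (local_address, kind) for every listener on `port` not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        if not local_port.isdigit() or int(local_port) != port:
            continue
        kind = classify_bind(host)
        if kind != "loopback":
            findings.append((fields[3], kind))
    return findings


if __name__ == "__main__":
    for local, kind in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {BRIDGE_PORT} reachable beyond loopback: {local} ({kind} bind)")
```

On a live host, pass the text produced by `ss -ltnH` to `exposed_listeners`; a "specific" result means the listener is bound to a non-loopback address and still needs the firewall restriction described above.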

Exploitation status

Public Exploit Available: false

Analyst recommendation

The maximum CVSS score of 10.0 demands immediate attention. Organizations utilizing the Nanobot WhatsApp bridge must prioritize patching and network isolation. Failure to secure this endpoint allows for trivial session hijacking, making the application a high-value target for malicious actors.