CVE ID :CVE-2026-48716 Published : June 18, 2026, 6:46 p.m. | 6 hours, 23 minutes ago Description :nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-48716 - nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write

VERWANDTEARTIKEL

CVE-2026-8806 - Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module

AutoJack: How a single page can RCE the host running your AI agent

CVE-2026-40624 - AVer PTC cameras Files or Directories Accessible to External Parties

CVE-2026-12048 - pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

CVE-2026-12046 - pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

CVE-2026-12045 - pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution