CVE-2026-48716: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in HKUDS nanobot
A path traversal vulnerability (CWE-22) exists in the HKUDS nanobot personal AI assistant in versions 0.1.5.post3 and earlier. The WhatsApp bridge component improperly constructs filesystem paths from unsanitized user-supplied filenames, allowing an attacker to write files outside the intended media directory. This enables arbitrary file write with attacker-controlled content and path. A fix is planned for version 0.1.5.post4 but not yet available.
AI Analysis
Technical Summary
In HKUDS nanobot versions 0.1.5.post3 and prior, the WhatsApp bridge (bridge/src/whatsapp.ts) uses the fileName field from incoming WhatsApp document messages without sanitization when constructing filesystem paths. The raw fileName is concatenated with a prefix and passed to Node.js path.join(mediaDir, outFilename). Because path.join resolves '..' components, an attacker can craft a fileName containing directory traversal sequences (e.g., '../../../.ssh/authorized_keys') to escape the intended media directory. Since the attacker also controls the file content, this results in an arbitrary file write vulnerability. This vulnerability is tracked as CVE-2026-48716 with a CVSS 3.1 score of 8.7 (high severity). A fix is planned for version 0.1.5.post4 but no patch is currently available.
Potential Impact
An attacker can write arbitrary files to any location on the filesystem accessible by the nanobot process by sending a specially crafted WhatsApp document message. This can lead to integrity violations and potential denial of service or further compromise depending on the files overwritten. Confidentiality is not directly impacted, but integrity and availability impacts are high.
Mitigation Recommendations
No official fix or patch is currently available. A fix is planned for version 0.1.5.post4. Until then, users should avoid processing untrusted WhatsApp document messages or disable the WhatsApp bridge component if possible. Monitor vendor advisories for the release of the official patch and apply it promptly once available.
CVE-2026-48716: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in HKUDS nanobot
Description
A path traversal vulnerability (CWE-22) exists in the HKUDS nanobot personal AI assistant in versions 0.1.5.post3 and earlier. The WhatsApp bridge component improperly constructs filesystem paths from unsanitized user-supplied filenames, allowing an attacker to write files outside the intended media directory. This enables arbitrary file write with attacker-controlled content and path. A fix is planned for version 0.1.5.post4 but not yet available.
CVSS v3.1
Score 8.7high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
In HKUDS nanobot versions 0.1.5.post3 and prior, the WhatsApp bridge (bridge/src/whatsapp.ts) uses the fileName field from incoming WhatsApp document messages without sanitization when constructing filesystem paths. The raw fileName is concatenated with a prefix and passed to Node.js path.join(mediaDir, outFilename). Because path.join resolves '..' components, an attacker can craft a fileName containing directory traversal sequences (e.g., '../../../.ssh/authorized_keys') to escape the intended media directory. Since the attacker also controls the file content, this results in an arbitrary file write vulnerability. This vulnerability is tracked as CVE-2026-48716 with a CVSS 3.1 score of 8.7 (high severity). A fix is planned for version 0.1.5.post4 but no patch is currently available.
Potential Impact
An attacker can write arbitrary files to any location on the filesystem accessible by the nanobot process by sending a specially crafted WhatsApp document message. This can lead to integrity violations and potential denial of service or further compromise depending on the files overwritten. Confidentiality is not directly impacted, but integrity and availability impacts are high.
Mitigation Recommendations
No official fix or patch is currently available. A fix is planned for version 0.1.5.post4. Until then, users should avoid processing untrusted WhatsApp document messages or disable the WhatsApp bridge component if possible. Monitor vendor advisories for the release of the official patch and apply it promptly once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-22T18:47:27.755Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a344c3bf198dc38c1709d75
Added to database: 6/18/2026, 7:51:23 PM
Last enriched: 6/18/2026, 8:05:21 PM
Last updated: 6/18/2026, 10:03:14 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.