A vulnerability, which was classified as critical , has been found in lharries whatsapp-mcp 0.0.1 . Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint . This manipulation of the argument mediaPath causes path traversal. This vulnerability appears as CVE-2026-10264 . The attacker needs to be present on the local network. In addition, an exploit is available. It is recommended to apply a patch to fix this issue.