Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk
The National Vulnerability Database (NVD) recently disclosed a critical Cross-Site WebSocket Hijacking (CSWSH) vulnerability, CVE-2026-35589, affecting 'nanobot', a personal AI assistant. The flaw, present in versions prior to 0.1.5, stems from an incomplete fix for a previous vulnerability, CVE-2026-2577: the bridge's WebSocket server (in bridge/src/server.ts) does not adequately validate the Origin header during the WebSocket handshake.
The original remediation attempted to mitigate the issue by binding the server to 127.0.0.1 and introducing an optional BRIDGE_TOKEN parameter, but the token authentication is disabled by default. That is a major miss, because browsers do not apply the Same-Origin Policy to WebSocket connections; the only cross-origin control is the server rejecting handshakes whose Origin header it does not recognise. Consequently, any malicious website a user visits can open a WebSocket connection to ws://127.0.0.1:3001/ and gain unfettered access to the bridge API. This is not merely theoretical: the NVD reports that an attacker could hijack WhatsApp sessions, snoop on incoming messages, steal authentication QR codes, and even send messages on behalf of the compromised user. The issue is rated high severity, 8.0 on the CVSS scale, and has been addressed in version 0.1.5.
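The two checks the advisory says were missing or off by default, an Origin allow-list and a required token, written as a pure handshake-verification function. This is an added example, not nanobot's own code: the policy shape, the `x-bridge-token` header name and the decision format are assumptions for illustration; in a real server it would be called from the upgrade or verifyClient hook before the socket is accepted.

```typescript
// Origin + token check for a local WebSocket bridge handshake. Added example,
// not nanobot's own code: the policy shape and the token header name
// ("x-bridge-token") are assumptions for illustration.

type HeaderMap = Record<string, string | undefined>;

interface HandshakePolicy {
  allowedOrigins: string[];     // exact origins, e.g. "http://127.0.0.1:3001"
  allowMissingOrigin: boolean;  // true only if non-browser clients (no Origin) are expected
  bridgeToken?: string;         // shared secret; undefined means "not configured"
}

interface Decision { accept: boolean; reason: string; }

// Header names are case-insensitive; look one up regardless of casing.
function header(headers: HeaderMap, name: string): string | undefined {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Compare secrets without short-circuiting on the first mismatching byte.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function verifyHandshake(headers: HeaderMap, policy: HandshakePolicy): Decision {
  const origin = header(headers, "origin");
  // Browsers always send Origin on a WebSocket handshake, and the browser does
  // not enforce same-origin for WebSockets: the server is the only gate (CSWSH).
  if (origin === undefined) {
    if (!policy.allowMissingOrigin) return { accept: false, reason: "missing Origin" };
  } else if (origin === "null" || !policy.allowedOrigins.includes(origin)) {
    // "null" is sent for sandboxed iframes and file:// pages; treat it as foreign.
    return { accept: false, reason: `origin not allowed: ${origin}` };
  }
  // Fail closed: an unset token refuses the connection rather than silently
  // running unauthenticated, which is the weak default the advisory describes.
  if (!policy.bridgeToken) return { accept: false, reason: "BRIDGE_TOKEN not configured" };
  const presented = header(headers, "x-bridge-token") ?? "";
  if (!constantTimeEqual(presented, policy.bridgeToken)) {
    return { accept: false, reason: "bad or missing token" };
  }
  return { accept: true, reason: "ok" };
}
```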
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-35589 | Cross-Site WebSocket Hijacking | nanobot versions prior to 0.1.5 |
| CVE-2026-35589 | Cross-Site WebSocket Hijacking | Vulnerable component: bridge's WebSocket server in bridge/src/server.ts |
| CVE-2026-35589 | Cross-Site WebSocket Hijacking | Attack vector: WebSocket connection to ws://127.0.0.1:3001/ |
| CVE-2026-35589 | Cross-Site WebSocket Hijacking | Affected functionality: Lack of Origin header validation during WebSocket handshake |
| CVE-2026-35589 | Cross-Site WebSocket Hijacking | Related vulnerability: CVE-2026-2577 (incomplete remediation) |