Summary Tenable Research has identified and responsibly disclosed a vulnerability to Nanobot. Synopsis Vulnerability: Nanobot Unauthenticated WhatsApp Session Hijack via WebSocket Bridge Severity: Critical Risk Information CVE ID: CVE-2026-2577 Tenable Advisory ID: TRA-2026-09 Credit: Joshua Martinelle CVSSv3 Base / Temporal Score: 10.0 CVSSv3 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSSv4 Base Score: 10.0 CVSSv4 Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H Affected Products: Nanobot < v0.1.3.post7 Risk Factor: Critical Advisory Timeline February 16, 2026: Initial release Disclosure Timeline February 6, 2026: Tenable sends request for contact February 12, 2026: Second attempt February 12, 2026: Vendor provides a security contact, details sent February 13, 2026: Fixed in v0.1.3.post7