CVE-2026-35589 | HKUDS nanobot up to 0.1.4 Bridge API bridge/src/server.ts BRIDGE_TOKEN missing origin validation in websockets (GHSA-v5j3-4q66-58cf)
A vulnerability was found in HKUDS nanobot up to 0.1.4. It has been classified as problematic. The affected element is an unknown function of the file bridge/src/server.ts of the component Bridge API. Manipulation of the argument BRIDGE_TOKEN leads to missing origin validation in WebSockets.
This vulnerability is identified as CVE-2026-35589. The attack can be initiated remotely. There is no exploit available.
Upgrading the affected component is recommended.