EXECUTIVE SUMMARY:
CVE-2026-48063 (CVSS score 9.3) is a critical vulnerability in the Baileys package, affecting versions below 6.7.22 and versions 7.0.0-rc.1 through 7.0.0-rc11. A maliciously crafted protocolMessage payload can trigger a fake messages.upsert event, allowing an attacker to spoof messages and to corrupt the app state sync system by sending fake key shares; this ultimately enables history sync spoofing, injecting fake previous context or on-demand sync. The vulnerability is reachable via placeholderResendMessage and requires network access to the affected system; successful exploitation gives the attacker the capability to manipulate message history and app state, potentially leading to security breaches, data tampering, and disruption of business operations. The business impact can be severe, including compromised data integrity, security, and trust. Exploitation requires the ability to send malicious payloads to the affected Baileys session, and applies under specific conditions, such as when the affected system is configured to automatically sync history messages.
RECOMMENDATION:
We recommend updating baileys to version 6.7.22 or 7.0.0-rc12.
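As an added check (not part of this advisory or the Baileys project), the following JavaScript decides whether a dependency version falls inside the affected ranges listed above and audits a name-to-version map such as the dependencies of a package.json; the function names, the sample manifest and the scoped package name "@whiskeysockets/baileys" are assumptions.

```javascript
// Added example, not from the advisory or the Baileys project: flag installed Baileys
// versions in the advisory's affected ranges (< 6.7.22, or 7.0.0-rc.1 through 7.0.0-rc11).

// Parse "MAJOR.MINOR.PATCH" with an optional "-rcN" / "-rc.N" pre-release tag, the
// only pre-release form the advisory uses; any other string is rejected rather than guessed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?$/.exec(String(v).trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    rc: m[4] === undefined ? null : Number(m[4]), // null means a final release
  };
}

// Three-way comparison of [major, minor, patch] arrays.
function compareCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// True when the version is inside one of the advisory's affected ranges.
function isAffectedBaileysVersion(v) {
  const { core, rc } = parseVersion(v);
  const vs6722 = compareCore(core, [6, 7, 22]);
  // Anything below 6.7.22; a pre-release of 6.7.22 itself also sorts below the fixed release.
  if (vs6722 < 0 || (vs6722 === 0 && rc !== null)) return true;
  // 7.0.0 release candidates 1 through 11; rc12 (the fix) and the final 7.0.0 are outside.
  if (compareCore(core, [7, 0, 0]) === 0 && rc !== null && rc >= 1 && rc <= 11) return true;
  return false;
}

// Audit a name -> version map (e.g. package.json dependencies or resolved lockfile entries)
// and return the affected Baileys packages found. The package may be published as plain
// "baileys" or under a scope such as "@whiskeysockets/baileys" (assumed name).
function affectedBaileysDependencies(deps) {
  return Object.entries(deps)
    .filter(([name]) => /(^|\/)baileys$/i.test(name))
    .filter(([, version]) => isAffectedBaileysVersion(version))
    .map(([name, version]) => `${name}@${version}`);
}

// Constructed sample manifest, not taken from any real project.
const sampleDeps = {
  '@whiskeysockets/baileys': '7.0.0-rc.3',
  'baileys': '6.7.22',
  'express': '4.19.2',
};
console.log(affectedBaileysDependencies(sampleDeps)); // ["@whiskeysockets/baileys@7.0.0-rc.3"]
```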
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-qvv5-jq5g-4cgg