← voltar
CVE-2026-6129

zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication

CVSS 6.9 MEDIUMEPSS 0.4%CWE-287CWE-306
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
zhayujie · chatgpt-on-wechat CowAgent
PoCs públicas encontradas1
cve_referencegithub.com/zhayujie/chatgpt-on-wechat/issues/2741#issue-4191903266não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/zhayujie/chatgpt-on-wechat/issues/2741https://github.com/zhayujie/chatgpt-on-wechat/issues/2741#issue-4191903266https://vuldb.com/submit/795272https://vuldb.com/vuln/356992https://vuldb.com/vuln/356992/cti