top of page
perceptive_background_267k.jpg

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.…

Published:

31 May 2026 at 22:00:00

Alert date:

1 June 2026 at 04:00:32

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Email & Messaging

A critical vulnerability (CVE-2026-10214) has been identified in zhayujie chatgpt-on-wechat versions up to 2.0.8. The vulnerability affects the _get_safety_warning function in the Bash Tool component, allowing for OS command injection attacks. The vulnerability can be exploited remotely and public exploits are available. Users should upgrade to version 2.0.9 which includes patch 16d9b449c9aa53ccee44144a762a2737d7ba4fc4 to address this security issue.

Technical details

Mitigation steps:

Affected products:

zhayujie chatgpt-on-wechat

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-10214
https://github.com/zhayujie/CowAgent/commit/16d9b449c9aa53ccee44144a762a2737d7ba4fc4
https://github.com/zhayujie/CowAgent/issues/2803
https://github.com/zhayujie/CowAgent/releases/tag/2.0.9
https://vuldb.com/cve/CVE-2026-10214
https://vuldb.com/submit/821929
https://vuldb.com/vuln/367493
https://vuldb.com/vuln/367493/cti

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page