CVE-2026-10214

HIGH 7.3

zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.0.9 is capable of addressing this issue. This patch is called 16d9b449c9aa53ccee44144a762a2737d7ba4fc4. It is recommended to upgrade the affected component.

CWE	CWE-78 CWE-77
Vendor	zhayujie
Product	chatgpt-on-wechat
Published	Jun 1, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for zhayujie chatgpt-on-wechat

Be the first to know when new high vulnerabilities affecting zhayujie chatgpt-on-wechat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

zhayujie / chatgpt-on-wechat

2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.0.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367493 vuldb.com: https://vuldb.com/vuln/367493/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10214 vuldb.com: https://vuldb.com/submit/821929 github.com: https://github.com/zhayujie/CowAgent/issues/2803 github.com: https://github.com/zhayujie/CowAgent/commit/16d9b449c9aa53ccee44144a762a2737d7ba4fc4 github.com: https://github.com/zhayujie/CowAgent/releases/tag/2.0.9

Credits

🔍 Eric-a (VulDB User)