๐Ÿ” CVE Alert

CVE-2026-14714

MEDIUM 6.5

zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: "We've added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash."

CWE CWE-306 CWE-287
Vendor zhayujie
Product chatgpt-on-wechat cowagent
Published Jul 5, 2026
Stay Ahead of the Next One

Get instant alerts for zhayujie chatgpt-on-wechat cowagent

Be the first to know when new medium vulnerabilities affecting zhayujie chatgpt-on-wechat cowagent are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

zhayujie / chatgpt-on-wechat CowAgent
2.1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376304 vuldb.com: https://vuldb.com/vuln/376304/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14714 vuldb.com: https://vuldb.com/submit/847484 github.com: https://github.com/zhayujie/CowAgent/issues/2860 github.com: https://github.com/zhayujie/CowAgent/commit/3d7c68bac6ee74fad63f43cf99e45c62e202ed55 github.com: https://github.com/zhayujie/CowAgent/releases/tag/2.1.1

Credits

๐Ÿ” Eric-j (VulDB User) VulDB CNA Team