MEDIUM
zhayujie
CVE published 2026-06-01
CVE-2026-10214
A command injection vulnerability exists in the Bash Tool component of zhayujie chatgpt-on-wechat (also referenced as CowAgent) versions up to and including 2.0.8. The weakness is located in the `_get_safety_warning` function within `agent/tools/bash/bash.py`. An attacker can exploit this flaw remotely through crafted input manipulation to achieve operating system command injection. The vulnerability has [truncated]