No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sun, 05 Jul 2026 06:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: "We've added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash." | |
| Title | zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication | |
| First Time appeared |
Zhayujie
Zhayujie chatgpt-on-wechat Cowagent |
|
| Weaknesses | CWE-287 CWE-306 |
|
| CPEs | cpe:2.3:a:zhayujie:chatgpt-on-wechat_cowagent:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Zhayujie
Zhayujie chatgpt-on-wechat Cowagent |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-05T05:30:09.514Z
Reserved: 2026-07-04T07:43:09.434Z
Link: CVE-2026-14714
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-05T15:45:03Z