Zhayujie ChatGPT on WeChat CowAgent Allows Remote File Access
CVE-2026-5998
Summary
A path traversal issue has been discovered in the CowAgent component of ChatGPT on WeChat that could allow a remote attacker to access files on your system through the filename argument of the API memory content endpoint. An attacker could potentially access sensitive information or disrupt your service. To fix this issue, update the CowAgent component to version 2.0.5 or later.
Original title
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This m...
Original description
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 2.0.5 mitigates this issue. Patch name: 174ee0cafc9e8e9d97a23c305418251485b8aa89. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
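The path traversal class described above (CWE-22 through a caller-supplied filename), as an added Python example that is not the chatgpt-on-wechat code or its patch: an unchecked join beside a containment check. The function names, the memory directory and the sample files are assumptions constructed for illustration.

```python
# Added illustration; names and layout are assumptions, not chatgpt-on-wechat code.
import os
import tempfile
from pathlib import Path

def read_unchecked(base_dir, filename):
    """Vulnerable pattern: caller-supplied name joined to the base without validation."""
    with open(os.path.join(base_dir, filename), "rb") as fh:
        return fh.read()

def resolve_inside(base_dir, filename):
    """Return the real path of filename, or raise ValueError if it leaves base_dir."""
    if not filename or "\x00" in filename:
        raise ValueError("empty or malformed filename")
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks, so the check sees the real target.
    # An absolute filename replaces base in the join and is caught the same way.
    candidate = (base / filename).resolve()
    try:
        # Component-wise comparison: a sibling like "<base>_backup" fails here,
        # whereas a str.startswith() prefix test would accept it.
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"filename escapes base directory: {filename!r}") from None
    if not candidate.is_file():
        raise ValueError("not a regular file inside the base directory")
    return candidate

def demo():
    """Run both readers over a constructed directory tree; None means rejected."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root, "memory")
        sibling = Path(root, "memory_backup")
        base.mkdir()
        sibling.mkdir()
        (base / "notes.md").write_bytes(b"memory note")
        (sibling / "old.md").write_bytes(b"sibling")
        Path(root, "secret.txt").write_bytes(b"outside")
        cases = {"plain": "notes.md", "dotdot": "../secret.txt",
                 "absolute": str(Path(root, "secret.txt")),
                 "sibling": "../memory_backup/old.md"}
        results = {"unchecked_dotdot": read_unchecked(base, cases["dotdot"])}
        for label, name in cases.items():
            try:
                results[label] = resolve_inside(base, name).read_bytes()
            except ValueError:
                results[label] = None
        return results
```

Calling demo() returns a dict in which the unchecked reader has returned the file outside the base directory, while the checked reader returns only notes.md and rejects the other three names.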
nvd CVSS2.0: 5.0
nvd CVSS3.1: 5.3
nvd CVSS4.0: 5.5
Vulnerability type
CWE-22: Path Traversal
- https://github.com/zhayujie/chatgpt-on-wechat/commit/174ee0cafc9e8e9d97a23c30541...
- https://github.com/zhayujie/chatgpt-on-wechat/issues/2734
- https://github.com/zhayujie/chatgpt-on-wechat/issues/2734#issue-4178013778
- https://github.com/zhayujie/chatgpt-on-wechat/releases/tag/2.0.5
- https://vuldb.com/submit/793558
- https://vuldb.com/vuln/356552
- https://vuldb.com/vuln/356552/cti
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026