{"data":{"id":"1b62b3b8-bfd1-4f3c-8574-b72e4d1e7cd0","title":"CVE-2026-5998: A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file","summary":"A path traversal vulnerability (a weakness that lets attackers access files outside their intended directory) was found in the chatgpt-on-wechat CowAgent software version 2.0.4 and earlier, specifically in the memory API endpoint where it processes a filename argument. This flaw can be exploited remotely by attackers, and proof-of-concept code has already been published online.","solution":"Upgrading to version 2.0.5 mitigates this issue. The patch identifier is 174ee0cafc9e8e9d97a23c305418251485b8aa89.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-5998","publishedAt":"2026-04-10T02:16:04.460Z","cveId":"CVE-2026-5998","cweIds":["CWE-22"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["zhayujie/chatgpt-on-wechat","CowAgent"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-10T02:16:04.460Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}