{"data":{"id":"b24e7925-f952-4d5d-9fe0-c33395849330","title":"CVE-2026-10214: A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_wa","summary":"A vulnerability called OS command injection (a flaw that lets attackers run unauthorized system commands) was found in the Bash Tool component of chatgpt-on-wechat software versions up to 2.0.8. The vulnerability exists in the _get_safety_warning function and can be exploited remotely, meaning an attacker doesn't need direct access to the affected system. This weakness has been publicly disclosed and could be actively exploited.","solution":"Upgrading to version 2.0.9 is capable of addressing this issue. The patch is identified as 16d9b449c9aa53ccee44144a762a2737d7ba4fc4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10214","publishedAt":"2026-06-01T03:16:25.123Z","cveId":"CVE-2026-10214","cweIds":["CWE-77","CWE-78"],"cvssScore":"7.3","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["zhayujie/chatgpt-on-wechat","ChatGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-01T03:16:25.123Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"plugin","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}