CVE-2026-6129: A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the
highvulnerability
security
Summary
A vulnerability (CVE-2026-6129) was found in the CowAgent component of zhayujie's chatgpt-on-wechat software up to version 2.0.4, where missing authentication (failure to verify user identity) in the Agent Mode Service allows attackers to perform unauthorized actions remotely. The exploit is publicly available and the developers have not yet responded to the initial report of the problem.
Vulnerability Details
CVSS Score
7.3(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
network
Attack Complexity
low
Privileges Required
none
User Interaction
none
Disclosure Date
April 12, 2026
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
integrityconfidentiality
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-6129
First tracked: April 12, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 75%