CVE-2026-10214: A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_wa
Summary
A vulnerability called OS command injection (a flaw that lets attackers run unauthorized system commands) was found in the Bash Tool component of chatgpt-on-wechat software versions up to 2.0.8. The vulnerability exists in the _get_safety_warning function and can be exploited remotely, meaning an attacker doesn't need direct access to the affected system. This weakness has been publicly disclosed and could be actively exploited.
Solution / Mitigation
Upgrading to version 2.0.9 is capable of addressing this issue. The patch is identified as 16d9b449c9aa53ccee44144a762a2737d7ba4fc4.
Vulnerability Details
7.3(high)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
network
low
none
none
May 31, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-10214
First tracked: June 1, 2026 at 02:08 AM
Classified by LLM (prompt v3) · confidence: 85%