CVE-2026-15628: A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function
Summary
A security vulnerability (CVE-2026-15628) was found in the Vision Tool component of chatgpt-on-wechat CowAgent up to version 2.1.1, where attackers can manipulate image arguments to trigger SSRF (server-side request forgery, where the server is tricked into making unwanted requests to other systems). The flaw can be exploited remotely, and exploit code has been publicly released.
Solution / Mitigation
Upgrading to version 2.1.2 addresses this issue. The patch is identified as e85290cddcbb5ffc9c235927f4c92e5b4c3ec264.
Vulnerability Details
6.3(medium)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
network
low
low
none
July 14, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-15628
First tracked: July 14, 2026 at 02:07 AM
Classified by LLM (prompt v3) · confidence: 85%