Vulnerabilities ›

CVE-2026-6129

High

CWE-287 — Weakness Type

                    Published: Apr 12, 2026                      ·  Modified: Apr 19, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-6129 is a remote authentication bypass vulnerability in zhayujie chatgpt-on-wechat CowAgent versions up to 2.0.4 affecting the Agent Mode Service component. The vulnerability allows unauthenticated remote attackers to manipulate the service, with public exploits already available.

📄 Description (Arabic)

يؤثر هذا الثغرة على خدمة Agent Mode في مكون zhayujie chatgpt-on-wechat CowAgent حتى الإصدار 2.0.4. يسمح بتجاوز المصادقة من خلال معالجة خاصة للطلبات البعيدة، مما يمكن المهاجمين من الوصول غير المصرح به.

🤖 ملخص تنفيذي (AI)

A remote authentication bypass vulnerability exists in zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4 in the Agent Mode Service component. Attackers can remotely exploit this vulnerability without authentication, and public exploits are currently available.

🤖 AI Intelligence Analysis Analyzed: May 6, 2026 21:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom banking government

🎯 MITRE ATT&CK Techniques

T1190 T1133 T1078

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update zhayujie chatgpt-on-wechat CowAgent to a version beyond 2.0.4 immediately. Implement network segmentation to restrict access to the Agent Mode Service. Apply input validation and authentication controls. Monitor for suspicious remote access attempts to the affected component.

🔧 خطوات المعالجة (العربية)

قم بتحديث zhayujie chatgpt-on-wechat CowAgent إلى إصدار أحدث من 2.0.4 فوراً. طبق تقسيم الشبكة لتقييد الوصول إلى خدمة Agent Mode. طبق التحقق من صحة المدخلات وضوابط المصادقة. راقب محاولات الوصول البعيد المريبة إلى المكون المتأثر.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 SI-4

🟡 ISO 27001:2022

A.9.2.1 A.9.2.5 A.9.4.3

🔗 References & Sources 5

🔗

https://github.com/zhayujie/chatgpt-on-wechat/issues/2741

cna@vuldb.com

🔗

https://github.com/zhayujie/chatgpt-on-wechat/issues/2741#issue-4191903266

cna@vuldb.com

🔗

https://vuldb.com/submit/795272

cna@vuldb.com

🔗

https://vuldb.com/vuln/356992

cna@vuldb.com

🔗

https://vuldb.com/vuln/356992/cti

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-287

EPSS0.09%

Exploit No

Patch ✗ No

Published 2026-04-12

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-287

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-6129

💬 Comments

Introduce Yourself

Sign In Required