| Title | zhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Remote Code Execution |
|---|---|
| Description | chatgpt-on-wechat (CowAgent) is an open-source AI Agent framework with 16.4k+ GitHub stars that provides LLM-powered assistants for WeChat, Feishu, DingTalk, and other messaging platforms. In Agent mode (enabled by default since v2.0.0), the application grants the AI agent access to system-level tools including a bash shell, file read/write, and web fetch capabilities. This is the application's intended functionality — the Agent is designed to operate the computer on behalf of the user. However, the Web Console that controls this Agent is exposed on x.x.x.x:9899 with zero authentication on all endpoints, including the /message endpoint that accepts chat messages. This means any unauthenticated remote attacker who can reach port 9899 can send instructions to the AI Agent, which will then execute OS commands, read/write files, and access network resources on the attacker's behalf. The root cause is not the bash tool itself (which is working as designed), but the complete absence of authentication on the Web Console that exposes these powerful capabilities to the network. |
| Source | https://github.com/zhayujie/chatgpt-on-wechat/issues/2741 |
| User | York Shen (UID 97025) |
| Submission | 02/04/2026 08:03 AM (12 days ago) |
| Moderation | 12/04/2026 06:23 AM (10 days later) |
| Status | Accepted |
| VulDB Entry | 356992 [zhayujie chatgpt-on-wechat CowAgent up to 2.0.4 Agent Mode Service weak authentication] |
| Points | 20 |