| Title | zhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Remote Code Execution |
|---|---|
| Description | chatgpt-on-wechat (CowAgent) is an open-source AI Agent framework with 16.4k+ GitHub stars that provides LLM-powered assistants for WeChat, Feishu, DingTalk, and other messaging platforms. In Agent mode (enabled by default since v2.0.0), the application grants the AI agent access to system-level tools including a bash shell, file read/write, and web fetch capabilities. This is the application's intended functionality — the Agent is designed to operate the computer on behalf of the user.<br><br>However, the Web Console that controls this Agent is exposed on x.x.x.x:9899 with zero authentication on all endpoints, including the /message endpoint that accepts chat messages. This means any unauthenticated remote attacker who can reach port 9899 can send instructions to the AI Agent, which will then execute OS commands, read/write files, and access network resources on the attacker's behalf.<br><br>The root cause is not the bash tool itself (which is working as designed), but the complete absence of authentication on the Web Console that exposes these powerful capabilities to the network. |
| Source | https://github.com/zhayujie/chatgpt-on-wechat/issues/2741 |
| User | York Shen (UID 97025) |
| Submission | 2026-04-02 08:03 AM (12 days ago) |
| Moderation | 2026-04-12 06:23 AM (10 days later) |
| Status | Accepted |
| VulDB Entry | 356992 [zhayujie chatgpt-on-wechat CowAgent up to 2.0.4 Agent Mode Service weak authentication] |
| Points | 20 |
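
A mitigation sketch for the root cause in the description, added here as an example and not taken from the chatgpt-on-wechat code base: a WSGI middleware that requires a bearer token on every endpoint, /message included, with the listener bound to loopback. `console_app`, `RequireToken`, `call` and `CONSOLE_TOKEN` are hypothetical names; the console is modelled as a generic WSGI app because the page does not show the project's own server code.

```python
import hmac
import secrets
from wsgiref.simple_server import make_server

# Assumption: a per-deployment secret; generated here, loaded from config in practice.
CONSOLE_TOKEN = secrets.token_urlsafe(32)


def console_app(environ, start_response):
    """Stand-in for the Web Console; /message is the chat endpoint named above."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"handled " + environ.get("PATH_INFO", "/").encode()]


class RequireToken:
    """WSGI middleware: reject every request that lacks the bearer token."""

    def __init__(self, app, token):
        self.app = app
        self.expected = ("Bearer " + token).encode()

    def __call__(self, environ, start_response):
        supplied = environ.get("HTTP_AUTHORIZATION", "").encode()
        # Constant-time comparison; no path is exempt, /message included.
        if not hmac.compare_digest(supplied, self.expected):
            start_response("401 Unauthorized",
                           [("Content-Type", "text/plain"),
                            ("WWW-Authenticate", "Bearer")])
            return [b"authentication required"]
        return self.app(environ, start_response)


def call(app, path, auth=None):
    """Drive a WSGI app in-process (constructed request); returns (status, body)."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": path}
    if auth is not None:
        environ["HTTP_AUTHORIZATION"] = auth
    seen = {}
    body = b"".join(app(environ, lambda s, h: seen.update(status=s)))
    return seen["status"], body


protected = RequireToken(console_app, CONSOLE_TOKEN)

if __name__ == "__main__":
    # Bind to loopback rather than all interfaces so port 9899 is not network-reachable.
    make_server("127.0.0.1", 9899, protected).serve_forever()
```
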