Отправить #793554: zhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Administrative API AccessИнформация

Названиеzhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Administrative API Access
ОписаниеThe chatgpt-on-wechat Web Console exposes all administrative HTTP endpoints without any form of authentication or authorization. The HTTP server default, making all endpoints accessible to any client on the network or internet. An unauthenticated attacker can read and modify application configuration (including API keys), connect/disconnect messaging channels, upload arbitrary files, read application logs, and access memory content.
Источник⚠️ https://github.com/zhayujie/chatgpt-on-wechat/issues/2733
Пользователь
 Yu_Bao (UID 89348)
Представление31.03.2026 12:14 (3 месяцы назад)
Модерация11.04.2026 22:22 (11 days later)
Статуспринято
Запись VulDB356990 [zhayujie chatgpt-on-wechat CowAgent 2.0.4 Administrative HTTP Endpoint слабая аутентификация]
Баллы19

Want to know what is going to be exploited?

We predict KEV entries!