| Title | zhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Remote Code Execution |
|---|---|
| Description | chatgpt-on-wechat (CowAgent) is an open-source AI Agent framework with 16.4k+ GitHub stars that provides LLM-powered assistants for WeChat, Feishu, DingTalk, and other messaging platforms. In Agent mode (enabled by default since v2.0.0), the application grants the AI agent access to system-level tools including a bash shell, file read/write, and web fetch capabilities. This is the application's intended functionality — the Agent is designed to operate the computer on behalf of the user. However, the Web Console that controls this Agent is exposed on x.x.x.x:9899 with zero authentication on all endpoints, including the /message endpoint that accepts chat messages. This means any unauthenticated remote attacker who can reach port 9899 can send instructions to the AI Agent, which will then execute OS commands, read/write files, and access network resources on the attacker's behalf. The root cause is not the bash tool itself (which is working as designed), but the complete absence of authentication on the Web Console that exposes these powerful capabilities to the network. |
| Source | https://github.com/zhayujie/chatgpt-on-wechat/issues/2741 |
| User | York Shen (UID 97025) |
| Submitted | 02/04/2026 08:03 (13 days ago) |
| Moderated | 12/04/2026 06:23 (10 days later) |
| Status | Accepted |
| VulDB Entry | 356992 [zhayujie chatgpt-on-wechat CowAgent up to 2.0.4 Agent Mode Service weak authentication] |
| Points | 20 |