CVE-2026-5998 | zhayujie chatgpt-on-wechat CowAgent up to 2.0.4 API Memory Content Endpoint agent/memory/service.py dispatch filename path traversal (Issue 2734)

A vulnerability classified as critical has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal.

This vulnerability is handled as CVE-2026-5998. The attack can be initiated remotely. Additionally, an exploit exists.

It is recommended to upgrade the affected component.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-5998 | zhayujie chatgpt-on-wechat CowAgent up to 2.0.4 API Memory Content Endpoint agent/memory/service.py dispatch filename path traversal (Issue 2734)

Post correlati

CVE-2025-6888 | PHPGurukul Teachers Record Management System 2.1 /admin/changeimage.php tid sql injection

CVE-2024-24093 | code-projects Scholars Tracking System 1.0 Personal Information Update sql injection

CVE-2024-1547 | Mozilla Firefox up to 115.8 API improper restriction of rendered ui layers

CVE-2026-21410 | InSAT MasterSCADA BUK-TS Main Web Interface sql injection (icsa-26-055-01)