CVE-2026-10214 | zhayujie chatgpt-on-wechat up to 2.0.8 Bash Tool agent/tools/bash/bash.py _get_safety_warning os command injection (Issue 2803)

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability was found in zhayujie chatgpt-on-wechat up to 2.0.8. It has been declared as critical. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection.

This vulnerability is tracked as CVE-2026-10214. The attack can be launched remotely. Moreover, an exploit is present.

It is recommended to upgrade the affected component.

CVE-2026-10214 | zhayujie chatgpt-on-wechat up to 2.0.8 Bash Tool agent/tools/bash/bash.py _get_safety_warning os command injection (Issue 2803)

Post correlati

CVE-2024-21678 | Atlassian Confluence Data Center cross site scripting

CVE-2014-125127 | mikecao flight up to 1.1.10 HTTP Request allocation of resources

CVE-2025-30001 | Apache StreamPark 2.1.4/2.1.5 Remote Code Execution

CVE-2024-43087 | Google Android 12/12L/13/14/15 AccessibilitySettings.java getInstalledAccessibilityPreferences Local Privilege Escalation