A vulnerability has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1 and classified as critical. This issue affects the function
Vision._download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request forgery.
This vulnerability is cataloged as CVE-2026-15628. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The affected component should be upgraded.