A vulnerability has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1 and classified as critical. This issue affects the function Vision._download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request forgery.

This vulnerability is cataloged as CVE-2026-15628. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The affected component should be upgraded.