CVE-2026-5998 | zhayujie chatgpt-on-wechat CowAgent up to 2.0.4 API Memory Content Endpoint agent/memory/service.py dispatch filename path traversal (Issue 2734)

A vulnerability classified as critical has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal.

This vulnerability is handled as CVE-2026-5998. The attack can be initiated remotely. Additionally, an exploit exists.

It is recommended to upgrade the affected component.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-5998 | zhayujie chatgpt-on-wechat CowAgent up to 2.0.4 API Memory Content Endpoint agent/memory/service.py dispatch filename path traversal (Issue 2734)

Post correlati

CVE-2025-11735 | HUSKY Plugin up to 1.3.7.1 on WordPress phrase sql injection

CVE-2024-12479 | cjbi wetech-cms 1.0/1.1/1.2 TopicDao.java searchTopicByKeyword keyword sql injection

CVE-2024-20487 | Cisco Identity Services Engine Software 2.7.0 p8 up to 3.3 Patch 3 Web-based Management Interface cross site scripting (cisco-sa-ise-multi-vulns-AF544ED5)

CVE-2026-4878 | libcap up to 2.77 cap_set_file allocation of resources