PT-2026-45246 · Zhayujie · Chatgpt-On-Wechat
Eric-A
·
Published
2026-06-01
·
Updated
2026-06-01
·
CVE-2026-10214
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
zhayujie chatgpt-on-wechat versions prior to 2.0.9
Description
A weakness in the Bash Tool component allows for remote OS command injection. This occurs within the
get safety warning() function located in the agent/tools/bash/bash.py file. OS command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server.Recommendations
Upgrade to version 2.0.9.
As a temporary workaround, restrict the use of the
get safety warning() function in the Bash Tool component.Exploit
Fix
Command Injection
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Chatgpt-On-Wechat