PT-2026-60992 · Zhayujie · Cowagent

·

CVE-2026-16194

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions zhayujie CowAgent versions prior to 2.1.2
Description An issue exists in the WebFetch.execute() function within the agent/tools/web fetch/web fetch.py file. A remote attacker can manipulate the url argument to perform server-side request forgery (SSRF), a technique where the server is coerced into making unauthorized requests to internal or external resources.
Recommendations Upgrade to version 2.1.2.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16194

Affected Products

Cowagent