Skip to main content

CowAgent CVE-2026-14714

| EUVDEUVD-2026-41729 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-07-05 VulDB GHSA-wh4m-9grw-87fp
5.5
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable endpoint, no privileges required, no user interaction; only low integrity and availability impact, no confidentiality loss per description.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
Jul 05, 2026 - 06:22 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
Analysis Generated
Jul 05, 2026 - 06:21 vuln.today

DescriptionCVE.org

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: "We've added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash."

AnalysisAI

Missing authentication in CowAgent 2.1.0's /wx WeChat endpoint allows remote unauthenticated attackers to bypass server verification by supplying an empty or default wechatmp_token, causing the underlying HMAC signature check to silently degenerate into a predictable hash. The vendor confirms the flaw exists in verify_server() within channel/wechatmp/common.py, where no explicit non-empty token guard was enforced, making the endpoint fail open rather than closed. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed /wx endpoint
Delivery
Observe or assume empty wechatmp_token
Exploit
Compute predictable degenerate signature
Execution
Submit crafted verification request
Persist
Bypass verify_server() authentication
Impact
Interact with WeChat bot endpoint

Vulnerability AssessmentAI

Exploitation The /wx WeChat verification endpoint must be network-accessible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates low-complexity, unauthenticated network exploitation with no special attack requirements, which is a straightforward exploitation profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies an internet-facing CowAgent instance running version 2.1.0 and sends a crafted HTTP GET or POST request to the /wx endpoint with an empty or absent wechatmp_token parameter alongside attacker-controlled WeChat verification parameters. Because the signature check degenerates to a predictable HMAC when the token is empty, the attacker can compute a valid-looking signature locally and pass verification without possessing any secret credential. …
Remediation Upgrade to CowAgent version 2.1.1 immediately; this is the vendor-released patch confirmed at commit 3d7c68bac6ee74fad63f43cf99e45c62e202ed55 (https://github.com/zhayujie/CowAgent/commit/3d7c68bac6ee74fad63f43cf99e45c62e202ed55) and release tag https://github.com/zhayujie/CowAgent/releases/tag/2.1.1. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14714 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy