Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible SSRF requiring low-privilege auth (PR:L per CVSS 4.0); scope unchanged; limited C/I/A consistent with SSRF without confirmed data exfiltration primitives.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision._download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.1.2 is capable of addressing this issue. The patch is named e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. The affected component should be upgraded.
AnalysisAI
Server-side request forgery in zhayujie CowAgent's Vision Tool allows authenticated remote attackers to make the server issue arbitrary HTTP requests to internal network resources. The vulnerability exists in the Vision._download_to_data_url / _build_image_content function in agent/tools/vision/vision.py, where the image argument is passed to an HTTP fetch without URL validation, enabling access to private RFC1918 addresses, loopback interfaces, and other non-public infrastructure. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated session with the CowAgent instance (CVSS 4.0 PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L) yields a score of 5.3, reflecting low-complexity network-accessible exploitation requiring low privileges, with limited per-impact-category scores. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated CowAgent user submits a Vision Tool request with the image parameter set to http://169.254.169.254/latest/meta-data/ (AWS metadata endpoint) or http://10.0.0.1/admin. The CowAgent server issues the HTTP request from its own network context, receives the response, and returns content accessible only from that server's network position to the attacker. … |
| Remediation | The primary fix is upgrading to CowAgent version 2.1.2, which is confirmed available via the vendor GitHub release at https://github.com/zhayujie/CowAgent/releases/tag/2.1.2 (patch commit e85290cddcbb5ffc9c235927f4c92e5b4c3ec264, PR https://github.com/zhayujie/CowAgent/pull/2886). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Chatgpt On Wechat Cowagent
View allMissing authentication in CowAgent 2.1.0's /wx WeChat endpoint allows remote unauthenticated attackers to bypass server
Authentication bypass in zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4 allows remote unauthenticated attackers
Missing authentication in zhayujie chatgpt-on-wechat CowAgent 2.0.4 administrative HTTP endpoint allows remote attackers
Path traversal in zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4 allows unauthenticated remote attackers to rea
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43617
GHSA-76cc-739m-wwpv