CVE-2026-14714 | zhayujie chatgpt-on-wechat CowAgent 2.1.0 wx Endpoint common.py verify_server wechatmp_token missing authentication (Issue 2860)
A vulnerability marked as critical has been reported in zhayujie chatgpt-on-wechat CowAgent 2.1.0. The issue affects the function verify_server in the file channel/wechatmp/common.py of the component wx Endpoint. Manipulating the argument wechatmp_token leads to missing authentication.
The vulnerability is tracked as CVE-2026-14714. The attack can be initiated remotely, and an exploit is available.
It is suggested to upgrade the affected component.
The project confirms: “We’ve added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash.”
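The fail-closed behaviour the project describes can be sketched as follows. This is an added example, not the project's code: the function names `wechat_signature` and `verify_request` are hypothetical, and it assumes the endpoint uses WeChat's documented server-verification scheme (SHA-1 over the sorted token, timestamp and nonce).

```python
import hashlib
import hmac


def wechat_signature(token: str, timestamp: str, nonce: str) -> str:
    """SHA-1 over the lexicographically sorted token, timestamp and nonce."""
    joined = "".join(sorted([token, timestamp, nonce]))
    return hashlib.sha1(joined.encode("utf-8")).hexdigest()


def verify_request(token, signature, timestamp, nonce) -> int:
    """Return the HTTP status the endpoint should answer with (200 or 403).

    Hypothetical helper illustrating the check, not the project's verify_server().
    """
    # Fail closed: without a secret token the hash covers only values the
    # caller supplies, so a matching signature proves nothing.
    if not isinstance(token, str) or not token.strip():
        return 403
    # All three request parameters must be present strings.
    if not all(isinstance(v, str) and v for v in (signature, timestamp, nonce)):
        return 403
    expected = wechat_signature(token, timestamp, nonce)
    # Constant-time comparison on bytes; also safe for non-ASCII input.
    if not hmac.compare_digest(expected.encode(), signature.encode("utf-8")):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    ts, nonce = "1700000000", "abc123"
    configured = "constructed-test-token"
    good = wechat_signature(configured, ts, nonce)
    for label, token, sig in [
        ("configured token, valid signature", configured, good),
        ("configured token, wrong signature", configured, "0" * 40),
        ("empty token (default config)", "", wechat_signature("", ts, nonce)),
        ("token missing from config", None, good),
    ]:
        print(f"{label}: {verify_request(token, sig, ts, nonce)}")
```

A deployment can run the same non-empty test on `wechatmp_token` at startup and refuse to register the /wx route when it fails, so the misconfiguration surfaces before any request arrives.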