CVE-2026-10214 | zhayujie chatgpt-on-wechat up to 2.0.8 Bash Tool agent/tools/bash/bash.py _get_safety_warning os command injection (Issue 2803)

A vulnerability was found in zhayujie chatgpt-on-wechat up to 2.0.8. It has been declared as critical. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection.

This vulnerability is tracked as CVE-2026-10214. The attack can be launched remotely. Moreover, an exploit is present.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More