CVE-2026-14714
Last modified
CVE-2026-14714 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: "We've added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash."
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| zhayujie | chatgpt-on-wechat CowAgent | 2.1.0 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-14714?
How severe is CVE-2026-14714?
How do I fix CVE-2026-14714?
Related CVEs from 2026
- CVE-2026-14703A vulnerability has been found in itsourcecode Hospital Mana…6.3
- CVE-2026-14704A vulnerability was found in stephen-kruger bluebox up to 4.…4.3
- CVE-2026-14705A vulnerability was determined in code-projects Online Exami…7.3
- CVE-2026-14706A vulnerability was identified in code-projects Online Exami…6.3
- CVE-2026-1471Excessive caching of authentication context in Neo4j Enterpr…6.5
- CVE-2026-14713A security flaw has been discovered in SourceCodester Pizzaf…7.3
- CVE-2026-14716A security vulnerability has been detected in nextlevelbuild…6.3
- CVE-2026-14717A vulnerability was detected in itsourcecode Hospital Manage…6.3
- CVE-2026-14719A flaw has been found in SourceCodester Onlne Examination & …7.3
- CVE-2026-1472An out-of-band SQL injection vulnerability (OOB SQLi) has be…7.5
- CVE-2026-14721A vulnerability has been found in UTT HiPER 1250GW up to 3.2…8.8
- CVE-2026-14722A vulnerability was found in tiddly-gittly TidGi-Desktop up …7.3
Are you affected by CVE-2026-14714?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
