CVE-2026-15628 | zhayujie chatgpt-on-wechat CowAgent up to 2.1.1 Vision Tool vision.py Vision._download_to_data_url image server-side request forgery (Issue 2878 / EUVD-2026-43617)
A vulnerability has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1 and classified as critical. This issue affects the function Vision._download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request forgery.
This vulnerability is cataloged as CVE-2026-15628. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The affected component should be upgraded.