Cyber Resilience

CVE-2026-10214

Medium

Published: 01 June 2026

Published
01 June 2026
Modified
01 June 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0134 67.5th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-10214 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, ranked in the top 32.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the LLM/Generative AI Risks risk domain.

Deeper analysis

A weakness has been identified in zhayujie chatgpt-on-wechat up to version 2.0.8 within the Bash Tool component. The issue resides in the _get_safety_warning function of agent/tools/bash/bash.py and permits OS command injection through crafted input, corresponding to CWE-77 and CWE-78. The vulnerability is remotely exploitable and carries a CVSS 4.0 score of 5.5 reflecting limited impacts on confidentiality, integrity, and availability when successfully triggered.

An unauthenticated attacker can send malicious input over the network to the affected function and achieve execution of arbitrary operating system commands. Publicly available exploit code increases the likelihood of automated or manual attacks against exposed instances of the chatgpt-on-wechat application.

The vendor released version 2.0.9 to resolve the flaw, with the fix delivered in commit 16d9b449c9aa53ccee44144a762a2737d7ba4fc4; upgrading the component is the recommended mitigation. The associated EPSS score has remained flat at 0.0176 with no material rise after disclosure.

EU & UK References

Vulnerability details

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched…

more

remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.0.9 is capable of addressing this issue. This patch is called 16d9b449c9aa53ccee44144a762a2737d7ba4fc4. It is recommended to upgrade the affected component.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: chatgpt

Related Threats

CVEs Like This One

CVE-2026-5352Shared CWE-77, CWE-78
CVE-2026-7037Shared CWE-77, CWE-78
CVE-2026-2131Shared CWE-77, CWE-78
CVE-2025-1339Shared CWE-77, CWE-78
CVE-2026-8229Shared CWE-77, CWE-78
CVE-2026-40933Shared CWE-78
CVE-2026-5688Shared CWE-77, CWE-78
CVE-2026-7416Shared CWE-77, CWE-78
CVE-2026-9404Shared CWE-77, CWE-78
CVE-2026-2544Shared CWE-77, CWE-78

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References