CVE-2026-10214
Published: 01 June 2026
Summary
CVE-2026-10214 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, ranked in the top 32.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the LLM/Generative AI Risks risk domain.
Deeper analysis
A weakness has been identified in zhayujie chatgpt-on-wechat up to version 2.0.8 within the Bash Tool component. The issue resides in the _get_safety_warning function of agent/tools/bash/bash.py and permits OS command injection through crafted input, corresponding to CWE-77 and CWE-78. The vulnerability is remotely exploitable and carries a CVSS 4.0 score of 5.5 reflecting limited impacts on confidentiality, integrity, and availability when successfully triggered.
An unauthenticated attacker can send malicious input over the network to the affected function and achieve execution of arbitrary operating system commands. Publicly available exploit code increases the likelihood of automated or manual attacks against exposed instances of the chatgpt-on-wechat application.
The vendor released version 2.0.9 to resolve the flaw, with the fix delivered in commit 16d9b449c9aa53ccee44144a762a2737d7ba4fc4; upgrading the component is the recommended mitigation. The associated EPSS score has remained flat at 0.0176 with no material rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-33535
Vulnerability details
A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched…
more
remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.0.9 is capable of addressing this issue. This patch is called 16d9b449c9aa53ccee44144a762a2737d7ba4fc4. It is recommended to upgrade the affected component.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: chatgpt
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.