CVE-2026-6129
Published: 12 April 2026
Summary
CVE-2026-6129 is a high-severity Improper Authentication (CWE-287) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-14 directly mandates defining and limiting permitted actions without identification or authentication, preventing unauthorized remote manipulation of the Agent Mode Service function.
AC-3 enforces approved authorizations for logical access to system resources, comprehensively blocking exploitation of the missing authentication vulnerability.
IA-8 requires identification and authentication for non-organizational users, mitigating remote attacks by unauthenticated external actors on the vulnerable service.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authentication for critical function in public-facing Agent Mode Service enables remote unauthenticated exploitation of the application.
NVD Description
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public…
more
and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-6129 is a missing authentication vulnerability affecting an unknown function in the Agent Mode Service component of zhayujie chatgpt-on-wechat CowAgent versions up to 2.0.4. Classified under CWE-287 (Improper Authentication) and CWE-306 (Missing Authentication for Critical Function), it enables manipulation without proper checks, as detailed in the CVE published on 2026-04-12.
Remote attackers require no privileges (PR:N) and no user interaction (UI:N), with low attack complexity (AC:L), to exploit the issue over the network (AV:N). Successful exploitation results in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), yielding a CVSS v3.1 base score of 7.3 (High) with no scope change (S:U).
References including GitHub issue #2741 and VulDB entries (vuln/356992) indicate the project was informed early via an issue report but has not responded, with no patches or specific mitigations documented. The exploit is public and may be used.
The vulnerability affects a ChatGPT-on-WeChat integration project, carrying potential relevance to AI agent deployments on messaging platforms.
Details
- CWE(s)