Missing Authorization Vulnerability in CowAgent by zhayujie
CVE-2026-15332
Key Information:
Badges
What is CVE-2026-15332?
A security flaw in zhayujie CowAgent, affecting version 2.1.0 and earlier, allows remote attackers to exploit an unknown function in channel.py of the Message Endpoint. This vulnerability results in missing authorization checks, potentially compromising the application's security. Despite early notification to the project team, no response has been documented, leaving users vulnerable to potential exploitation. Users should take immediate action to assess their exposure and implement any necessary remediation.
Affected Version(s)
CowAgent 2.0
CowAgent 2.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
