CVE-2026-16194
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/web_fetc
CVSS
6.3
Medio
EPSS
—
KEV
—
Exploit Today
—
0-100
Publicado: 18 jul 2026 · Última mod.: 18 jul 2026 · CWE-918
Sin historial EPSS suficiente todavía.
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/web_fetch/web_fetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.1.2 is able to mitigate this issue. This patch is called ea47f3097eed4f8295c4cb3d76ecb97e0f43d632. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
- github.comhttps://github.com/zhayujie/CowAgent/
- github.comhttps://github.com/zhayujie/CowAgent/commit/ea47f3097eed4f8295c4cb3d76ecb97e0f43d632
- github.comhttps://github.com/zhayujie/CowAgent/issues/2889
- github.comhttps://github.com/zhayujie/CowAgent/pull/2900
- github.comhttps://github.com/zhayujie/CowAgent/releases/tag/2.1.2
- vuldb.comhttps://vuldb.com/cve/CVE-2026-16194
- vuldb.comhttps://vuldb.com/submit/857620
- vuldb.comhttps://vuldb.com/vuln/380009
- vuldb.comhttps://vuldb.com/vuln/380009/cti