CVE-2026-14714
CVE-2026-14714 affects zhayujie CowAgent 2.1.0's wx Endpoint (component wx) via verify_server in channel/wechatmp/common.py. An attacker can manipulate the wechatmp_token to bypass authentication, with remote exploitability and a public PoC. The issue is fixed in 2.1.1; patch name is 3d7c68bac6ee...