{"id":82214,"date":"2026-07-19T01:46:43","date_gmt":"2026-07-18T22:16:43","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-16194-zhayujie-cowagent-web_fetch-py-webfetch-execute-server-side-request-forgery\/"},"modified":"2026-07-19T01:46:43","modified_gmt":"2026-07-18T22:16:43","slug":"cve-2026-16194-zhayujie-cowagent-web_fetch-py-webfetch-execute-server-side-request-forgery","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-16194-zhayujie-cowagent-web_fetch-py-webfetch-execute-server-side-request-forgery\/","title":{"rendered":"CVE-2026-16194 &#8211; zhayujie CowAgent web_fetch.py WebFetch.execute server-side request forgery"},"content":{"rendered":"<p>CVE ID :CVE-2026-16194<\/p>\n<p>  Published : July 18, 2026, 10:16 p.m. | 1\u00a0hour, 23\u00a0minutes ago<\/p>\n<p>  Description :A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent\/tools\/web_fetch\/web_fetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.1.2 is able to mitigate this issue. This patch is called ea47f3097eed4f8295c4cb3d76ecb97e0f43d632. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.<\/p>\n<p>  Severity: 6.5 | MEDIUM<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-16194 Published : July 18, 2026, 10:16 p.m. | 1\u00a0hour, 23\u00a0minutes ago Description :A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent\/tools\/web_fetch\/web_fetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-82214","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/82214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=82214"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/82214\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=82214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=82214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=82214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}