A vulnerability was found in zhayujie chatgpt-on-wechat up to 2.0.8 . It has been declared as critical . This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool . Executing a manipulation can lead to os command injection. This vulnerability is tracked as CVE-2026-10214 . The attack can be launched remotely. Moreover, an exploit is present. It is recommended to upgrade the affected component.