CVE-2026-28795: OpenChatBI has a Path Traversal Vulnerability in save_report Tool
The save_report tool in openchatbi/tool/save_report.py has a critical path traversal vulnerability caused by insufficient sanitization of the file_format parameter.
The function only strips leading dots from file_format (file_format.lstrip(".")); any other content, including path traversal sequences such as /../../, passes through unchanged. The output filename is then built by string concatenation as f"{timestamp}_{clean_title}.{file_format}", so a traversal sequence embedded in file_format is preserved in the final path and the file is written outside the designated report directory.
Because the tool is invoked by the LLM, an attacker who can influence the model's input can steer it into calling save_report with a crafted file_format and overwrite files such as a package's __init__.py, which can lead to remote code execution when that module is next imported.
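The following is an added example, not code from the openchatbi project, that reproduces the filename construction described above beside a hardened variant. The report directory, timestamp, title sanitiser and format allowlist are assumptions chosen for illustration; the real tool's values are not given on this page. The vulnerable function shows that lstrip(".") leaves a value like md/../../x intact, and the safe function shows the two checks a practitioner would expect: an extension allowlist and a containment check on the normalised path.

```python
import posixpath
import re

# Assumed report directory and timestamp (illustrative; not the project's real values).
REPORT_DIR = "/srv/openchatbi/reports"
TIMESTAMP = "20260101_120000"

# Assumed allowlist of output formats the tool is meant to produce.
ALLOWED_FORMATS = frozenset({"md", "txt", "html", "csv"})


def clean_title(title: str) -> str:
    """Hypothetical title sanitiser: keep only word characters and dashes."""
    return re.sub(r"[^A-Za-z0-9_-]+", "_", title).strip("_") or "report"


def vulnerable_target(title: str, file_format: str) -> str:
    """Reproduces the flaw as the advisory describes it: only leading dots are
    stripped from file_format, so 'md/../../x' survives into the filename and
    the joined path escapes REPORT_DIR once '..' components are collapsed."""
    file_format = file_format.lstrip(".")
    filename = f"{TIMESTAMP}_{clean_title(title)}.{file_format}"
    # posixpath.normpath collapses '..' lexically, as the filesystem would on open().
    return posixpath.normpath(posixpath.join(REPORT_DIR, filename))


def is_within(base: str, candidate: str) -> bool:
    """True if the normalised candidate lies strictly inside base.
    commonpath is used instead of str.startswith so that '/reports2/x'
    is not mistaken for a child of '/reports'."""
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(candidate)
    return posixpath.commonpath([base, candidate]) == base and candidate != base


def safe_target(title: str, file_format: str) -> str:
    """Hardened variant: accept only an allowlisted extension, then verify
    that the final path is still inside REPORT_DIR (defence in depth in case
    another component of the filename is ever attacker-controlled).
    On a live filesystem, also resolve symlinks (os.path.realpath) before
    the containment check."""
    fmt = file_format.lstrip(".").lower()
    if fmt not in ALLOWED_FORMATS:
        raise ValueError(f"rejected file_format: {file_format!r}")
    filename = f"{TIMESTAMP}_{clean_title(title)}.{fmt}"
    target = posixpath.normpath(posixpath.join(REPORT_DIR, filename))
    if not is_within(REPORT_DIR, target):
        raise ValueError(f"path escapes report directory: {target}")
    return target


def rejects(title: str, file_format: str) -> bool:
    """Helper for callers/tests: does the hardened function refuse this input?"""
    try:
        safe_target(title, file_format)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "md/../../../tmp/pwned.py"
    print("vulnerable:", vulnerable_target("weekly sales", payload))  # lands in /srv/tmp
    print("hardened rejects payload:", rejects("weekly sales", payload))
```

Note that an allowlist alone closes this particular bug; the containment check is there so that a later change to how the title or timestamp is sanitised cannot silently reintroduce it.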
References
- github.com/advisories/GHSA-vmwq-8g8c-jm79
- github.com/zhongyu09/openchatbi
- github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75
- github.com/zhongyu09/openchatbi/issues/10
- github.com/zhongyu09/openchatbi/pull/12
- github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79
- nvd.nist.gov/vuln/detail/CVE-2026-28795