CVE-2026-28795
Path Traversal in OpenChatBI save_report Tool Allows Arbitrary File Access
Publication date: 2026-03-06
Last updated on: 2026-03-10
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zhongyu09 | openchatbi | to 0.2.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-28795 is a critical path traversal vulnerability in the save_report tool of OpenChatBI, specifically in the file openchatbi/tool/save_report.py. The vulnerability occurs because the file_format parameter is not properly sanitized, allowing malicious input containing path traversal sequences like "/../../" to remain intact.'}, {'type': 'paragraph', 'content': 'This improper sanitization allows an attacker to manipulate the filename construction process, enabling them to write files outside the intended report directory. By exploiting this, an attacker can overwrite critical system files such as __init__.py, potentially leading to remote code execution.'}, {'type': 'paragraph', 'content': 'The vulnerability was patched in version 0.2.2 by introducing a whitelist validation that restricts allowable file formats and by sanitizing the report title to ensure safe filenames.'}] [1, 2, 4]
How can this vulnerability impact me? :
This vulnerability can have severe security impacts. An attacker can exploit it to write arbitrary files outside the intended directory, including critical system files.
- Overwrite important Python files like __init__.py, enabling remote code execution (RCE).
- On Windows systems, attackers can write files anywhere on the filesystem, including PowerShell scripts in startup folders or profiles, leading to persistent malicious code execution.
- Achieve full system compromise by executing arbitrary code when the application or system starts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by checking if the OpenChatBI version in use is prior to 0.2.2, as versions up to and including 0.2.1 are affected. Additionally, detection involves verifying if the save_report tool is invoked with a file_format parameter that contains path traversal sequences such as '/../' or '/../../'."}, {'type': 'paragraph', 'content': 'A practical approach to detection is to monitor or audit logs or usage of the save_report tool for suspicious file_format inputs that include path traversal patterns. Since the vulnerability allows writing files outside the intended directory, look for unexpected file writes or modifications in critical system paths, especially Python files like __init__.py or PowerShell startup scripts.'}, {'type': 'paragraph', 'content': 'While no explicit commands are provided in the resources, you can use file system monitoring tools or commands to detect unusual file creations or modifications. For example, on Linux systems, you might use:'}, {'type': 'list_item', 'content': 'grep or auditd to search for suspicious file_format parameters in logs or application traces.'}, {'type': 'list_item', 'content': "find /path/to/openchatbi/reports -type f -name '*.*' -exec grep -l '\\.\\./' {} + # to find files with path traversal patterns in names"}, {'type': 'list_item', 'content': 'On Windows, use PowerShell commands to check for unexpected files in startup folders or overwritten Python files.'}, {'type': 'paragraph', 'content': 'Also, reviewing the source code or configuration to confirm if the whitelist validation for file_format is implemented can help detect vulnerable deployments.'}] [2, 4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade OpenChatBI to version 0.2.2 or later, where the vulnerability has been patched.
If upgrading is not immediately possible, implement strict validation of the file_format parameter in the save_report tool by enforcing a whitelist of allowed file extensions. The approved extensions are: md, csv, txt, json, html, and xml.
This validation should reject any file_format input that contains path traversal sequences or is not in the allowed set, raising an error to prevent exploitation.
Additionally, sanitize the report title to allow only alphanumeric characters, spaces, and hyphens, replacing spaces with underscores to prevent unsafe filenames.
Monitor your system for any signs of exploitation, such as unexpected file writes outside the intended directories, especially overwrites of critical files like __init__.py or PowerShell startup scripts.