CVE-2026-28795
Received Received - Intake
Path Traversal in OpenChatBI save_report Tool Allows Arbitrary File Access

Publication date: 2026-03-06

Last updated on: 2026-03-10

Assigner: GitHub, Inc.

Description
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28795
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zhongyu09 openchatbi to 0.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-28795 is a critical path traversal vulnerability in the save_report tool of OpenChatBI, specifically in the file openchatbi/tool/save_report.py. The vulnerability occurs because the file_format parameter is not properly sanitized, allowing malicious input containing path traversal sequences like "/../../" to remain intact.'}, {'type': 'paragraph', 'content': 'This improper sanitization allows an attacker to manipulate the filename construction process, enabling them to write files outside the intended report directory. By exploiting this, an attacker can overwrite critical system files such as __init__.py, potentially leading to remote code execution.'}, {'type': 'paragraph', 'content': 'The vulnerability was patched in version 0.2.2 by introducing a whitelist validation that restricts allowable file formats and by sanitizing the report title to ensure safe filenames.'}] [1, 2, 4]

Impact Analysis

This vulnerability can have severe security impacts. An attacker can exploit it to write arbitrary files outside the intended directory, including critical system files.

  • Overwrite important Python files like __init__.py, enabling remote code execution (RCE).
  • On Windows systems, attackers can write files anywhere on the filesystem, including PowerShell scripts in startup folders or profiles, leading to persistent malicious code execution.
  • Achieve full system compromise by executing arbitrary code when the application or system starts.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by checking if the OpenChatBI version in use is prior to 0.2.2, as versions up to and including 0.2.1 are affected. Additionally, detection involves verifying if the save_report tool is invoked with a file_format parameter that contains path traversal sequences such as '/../' or '/../../'."}, {'type': 'paragraph', 'content': 'A practical approach to detection is to monitor or audit logs or usage of the save_report tool for suspicious file_format inputs that include path traversal patterns. Since the vulnerability allows writing files outside the intended directory, look for unexpected file writes or modifications in critical system paths, especially Python files like __init__.py or PowerShell startup scripts.'}, {'type': 'paragraph', 'content': 'While no explicit commands are provided in the resources, you can use file system monitoring tools or commands to detect unusual file creations or modifications. For example, on Linux systems, you might use:'}, {'type': 'list_item', 'content': 'grep or auditd to search for suspicious file_format parameters in logs or application traces.'}, {'type': 'list_item', 'content': "find /path/to/openchatbi/reports -type f -name '*.*' -exec grep -l '\\.\\./' {} + # to find files with path traversal patterns in names"}, {'type': 'list_item', 'content': 'On Windows, use PowerShell commands to check for unexpected files in startup folders or overwritten Python files.'}, {'type': 'paragraph', 'content': 'Also, reviewing the source code or configuration to confirm if the whitelist validation for file_format is implemented can help detect vulnerable deployments.'}] [2, 4]

Mitigation Strategies

The immediate mitigation step is to upgrade OpenChatBI to version 0.2.2 or later, where the vulnerability has been patched.

If upgrading is not immediately possible, implement strict validation of the file_format parameter in the save_report tool by enforcing a whitelist of allowed file extensions. The approved extensions are: md, csv, txt, json, html, and xml.

This validation should reject any file_format input that contains path traversal sequences or is not in the allowed set, raising an error to prevent exploitation.

Additionally, sanitize the report title to allow only alphanumeric characters, spaces, and hyphens, replacing spaces with underscores to prevent unsafe filenames.

Monitor your system for any signs of exploitation, such as unexpected file writes outside the intended directories, especially overwrites of critical files like __init__.py or PowerShell startup scripts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28795. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart