CVE Alert

CVE-2026-28795

UNKNOWN 0.0

OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2.

CWE CWE-22
Vendor zhongyu09
Product openchatbi
Published Mar 6, 2026
Last Updated Mar 9, 2026

Affected Versions

zhongyu09 / openchatbi
< 0.2.2

References

github.com: https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79
github.com: https://github.com/zhongyu09/openchatbi/issues/10
github.com: https://github.com/zhongyu09/openchatbi/pull/12
github.com: https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75