{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28795", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T14:25:19.245Z", "datePublished": "2026-03-06T06:21:52.789Z", "dateUpdated": "2026-03-09T19:52:48.920Z"}, "containers": {"cna": {"title": "OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79"}, {"name": "https://github.com/zhongyu09/openchatbi/issues/10", "tags": ["x_refsource_MISC"], "url": "https://github.com/zhongyu09/openchatbi/issues/10"}, {"name": "https://github.com/zhongyu09/openchatbi/pull/12", "tags": ["x_refsource_MISC"], "url": "https://github.com/zhongyu09/openchatbi/pull/12"}, {"name": "https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75", "tags": ["x_refsource_MISC"], "url": "https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75"}], "affected": [{"vendor": "zhongyu09", "product": "openchatbi", "versions": [{"version": "< 0.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T06:21:52.789Z"}, "descriptions": [{"lang": "en", "value": "OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2."}], "source": {"advisory": "GHSA-vmwq-8g8c-jm79", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T19:52:39.189491Z", "id": "CVE-2026-28795", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:52:48.920Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28795", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T19:52:39.189491Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:52:44.532Z"}}], "cna": {"title": "OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI", "source": {"advisory": "GHSA-vmwq-8g8c-jm79", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "zhongyu09", "product": "openchatbi", "versions": [{"status": "affected", "version": "< 0.2.2"}]}], "references": [{"url": "https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79", "name": "https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/zhongyu09/openchatbi/issues/10", "name": "https://github.com/zhongyu09/openchatbi/issues/10", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/zhongyu09/openchatbi/pull/12", "name": "https://github.com/zhongyu09/openchatbi/pull/12", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75", "name": "https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T06:21:52.789Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28795", "state": "PUBLISHED", "dateUpdated": "2026-03-09T19:52:48.920Z", "dateReserved": "2026-03-03T14:25:19.245Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-06T06:21:52.789Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zhongyu09:openchatbi:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC740845-F197-49A6-9759-A538EEAECFFE", "versionEndExcluding": "0.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2."}, {"lang": "es", "value": "OpenChatBI es una herramienta de BI inteligente basada en chat, impulsada por grandes modelos de lenguaje, dise\u00f1ada para ayudar a los usuarios a consultar, analizar y visualizar datos a trav\u00e9s de conversaciones en lenguaje natural. Antes de la versi\u00f3n 0.2.2, la herramienta save_report en openchatbi/tool/save_report.py sufre de una cr\u00edtica vulnerabilidad de salto de ruta debido a una sanitizaci\u00f3n insuficiente de la entrada del par\u00e1metro file_format. Este problema ha sido parcheado en la versi\u00f3n 0.2.2."}], "id": "CVE-2026-28795", "lastModified": "2026-03-10T19:45:25.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-06T07:16:00.293", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/zhongyu09/openchatbi/issues/10"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/zhongyu09/openchatbi/pull/12"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.2.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "openchatbi", "source": "cna", "vendor": "zhongyu09"}, "product": "openchatbi", "vendor": "zhongyu09"}], "analysis": {"en": {"generated_at": "2026-04-16T11:32:32.254037+00:00", "value": {"mitigation_remediation": ["Upgrade OpenChatBI to version 0.2.2 or later where the path traversal is fixed.", "If an upgrade is not immediately possible, restrict the file_format parameter to a predefined whitelist of allowed values to block traversal attempts.", "Until the product is patched, disable or restrict access to the save_report endpoint and monitor application logs for suspicious file access requests."], "summary": {"action": "Immediate Patch", "impact": "Directory traversal allowing arbitrary local file read"}, "threat_synthesis": {"affected_systems": "The affected product is OpenChatBI by zhongyu09. Versions prior to 0.2.2 are vulnerable; the issue was patched in 0.2.2. No specific operating system requirement is listed, implying the flaw exists wherever the tool runs.", "description_and_impact": "The vulnerability resides in the save_report tool of OpenChatBI. An attacker can supply a crafted file_format value that is insufficiently sanitized, enabling path traversal across the filesystem. This flaw is a classic directory traversal (CWE\u201122), allowing the reading of any file that the application process can access, potentially exposing sensitive configuration, credentials, or data. The impact, therefore, is the disclosure of confidential information and the compromise of data integrity.", "risk_and_exploitability": "The CVSS score of 8.7 classifies the flaw as high severity. EPSS indicates a probability of exploitation below 1\u202f%, and the vulnerability is not currently listed in the CISA KEV catalog, suggesting it has not yet been widely abused. The attack vector is likely remote, as the save_report tool is exposed through the web interface or API; however, the description does not specify authentication requirements, so both authenticated and unauthenticated interactions could potentially be leveraged."}}}}, "created": "2026-03-06T14:55:36.510579+00:00", "updated": "2026-04-16T11:45:26.259686+00:00", "vendors": ["zhongyu09", "zhongyu09$PRODUCT$openchatbi"]}