Path Traversal in Zhongyu09 Openchatbi

CVE-2026-28795

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (25.3th percentile) — read the EPSS interpretation.

Affected products

Zhongyu09 Openchatbi — versions < 0.2.2

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79 (x_refsource_CONFIRM)
https://github.com/zhongyu09/openchatbi/issues/10 (x_refsource_MISC)
https://github.com/zhongyu09/openchatbi/pull/12 (x_refsource_MISC)
https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75 (x_refsource_MISC)