PT-2026-59433 · Pypi · Openchatbi

Publicado

2026-07-13

·

Atualizado

2026-07-13

CVSS v4.0

8.7

Alta

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Impact

The save report tool in openchatbi/tool/save report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file format parameter.
The function only removes leading dots of file format using file format.lstrip(".") but allows path traversal sequences like /../../ to pass through unchanged. When the filename is constructed via string concatenation in
f"{timestamp} {clean title}.{file format}"
malicious path sequences are preserved, enabling attackers to write files outside the designated report directory.
An attacker can manipulate the LLM to call the tool with a specific file format to overwrite critical system files like init .py, potentially leading to remote code execution.

Patches

Workarounds

No

References

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

PYSEC-2026-2794

Produtos afetados

Openchatbi