PT-2026-23001 · Unknown · Openchatbi

Zhongyu09 · Published 2026-03-02 · Updated 2026-03-11 · CVE-2026-28795

CVSS v3.1 9.8 Critical
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenChatBI versions prior to 0.2.2
Description: OpenChatBI is a chat-based BI tool that lets users query and analyze data using natural language. The save_report tool in the openchatbi/tool/save_report.py component is susceptible to path traversal because the file_format parameter lacks adequate input validation. The save_report function removes leading dots from file_format with file_format.lstrip("."), but does not reject path traversal sequences such as /../../. The filename is then built by string concatenation: f"{timestamp}_{clean_title}.{file_format}", so whatever remains in file_format after the strip becomes part of the written path. An attacker who can steer the LLM into calling the tool with a malicious file_format value can write the report outside the intended directory, potentially overwriting files such as __init__.py and leading to remote code execution.
Recommendations: Update to version 0.2.2 or later to address the issue.
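The following is an added illustration, not code from OpenChatBI or the 0.2.2 fix. It reproduces the pattern the advisory describes (lstrip(".") followed by f-string concatenation) in a function that only computes the target path, so the escape is visible without writing to disk, and sets a hardened variant beside it. Two things are worth seeing in a runnable form: lstrip(".") strips only the leading run of dots, so "../../../x" turns into "/../../x", which is exactly the sequence the advisory names; and a lexical normalisation of the concatenated path lands on the sibling package directory rather than under the reports directory. REPORT_DIR, ALLOWED_FORMATS, the default timestamp and the _clean_title sanitiser are assumptions made for the example; the advisory does not say how clean_title is derived, nor how the real code resolves the path before opening it, so whether a given write actually lands depends on that.

```python
import os
import re

# Constructed sample values (not from the project): where reports are meant to
# land, and the formats a report tool would plausibly support (assumed allowlist).
REPORT_DIR = "/srv/openchatbi/reports"
ALLOWED_FORMATS = {"csv", "json", "md", "html"}


def _clean_title(title: str) -> str:
    # Assumed sanitiser for clean_title; the advisory only says the value is
    # interpolated into the filename, not how it is produced.
    return re.sub(r"[^\w-]+", "_", title).strip("_") or "report"


def vulnerable_report_path(report_dir: str, title: str, file_format: str,
                           timestamp: str = "20260302T120000") -> str:
    """The pattern the advisory describes: lstrip('.') then f-string concat.

    Returns the lexically normalised target so the escape is visible without
    touching the filesystem.
    """
    file_format = file_format.lstrip(".")  # removes leading dots only
    filename = f"{timestamp}_{_clean_title(title)}.{file_format}"
    return os.path.normpath(os.path.join(report_dir, filename))


def safe_report_path(report_dir: str, title: str, file_format: str,
                     timestamp: str = "20260302T120000") -> str:
    """Hardened variant (added here, not the project's fix): allowlist the
    extension, then verify the resolved path stays inside report_dir."""
    fmt = file_format.lstrip(".").lower()
    # An extension is a short alphanumeric token; '/', '.', '\\' and NUL never belong in it.
    if not re.fullmatch(r"[a-z0-9]{1,8}", fmt) or fmt not in ALLOWED_FORMATS:
        raise ValueError(f"unsupported file_format: {file_format!r}")
    filename = f"{timestamp}_{_clean_title(title)}.{fmt}"
    base = os.path.realpath(report_dir)
    target = os.path.realpath(os.path.join(base, filename))
    # Containment check kept even though the allowlist already blocks '/':
    # it protects against the allowlist being loosened later.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"report path escapes {base}: {target}")
    return target


def escapes(report_dir: str, path: str) -> bool:
    """True when the normalised `path` is not located under `report_dir`."""
    base = os.path.normpath(report_dir)
    return os.path.commonpath([base, os.path.normpath(path)]) != base


if __name__ == "__main__":
    payloads = [
        "csv",                              # benign
        "/../../openchatbi/__init__.py",    # the /../../ form the advisory names
        "../../../openchatbi/__init__.py",  # lstrip('.') leaves /../../openchatbi/__init__.py
    ]
    for fmt in payloads:
        target = vulnerable_report_path(REPORT_DIR, "Q1 sales", fmt)
        print(f"{fmt!r:36} -> {target}  escapes={escapes(REPORT_DIR, target)}")
        try:
            print(f"{'hardened':36} -> {safe_report_path(REPORT_DIR, 'Q1 sales', fmt)}")
        except ValueError as exc:
            print(f"{'hardened':36} -> rejected: {exc}")
```

The allowlist on the extension is the check that matters for an LLM-driven tool: the model can be talked into passing any string, so the tool must treat every argument as attacker-controlled and accept only the handful of tokens it can actually serialise. The realpath/commonpath check is the second layer, and it is the one to keep if the set of formats ever becomes configurable.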

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-28795
GHSA-VMWQ-8G8C-JM79

Affected Products

Openchatbi