PT-2026-53917 · OpenBMB · ChatDev

George Chen · Published 2026-06-30 · Updated 2026-06-30 · CVE-2026-58166

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenBMB ChatDev versions prior to commit 4fd4da6

Description: An unauthenticated remote attacker can write or delete arbitrary files on the server filesystem. The application fails to sanitize the multipart filename supplied to the 'POST uploads session' endpoint: the save_upload_file() function builds the destination path from that filename without validation, so an absolute path or a path traversal sequence (such as ../) can target files outside the intended upload directory. Overwriting or removing critical system and application files this way can result in a denial of service.

Recommendations: Update OpenBMB ChatDev to commit 4fd4da6 or a subsequent release containing this fix.

Tags: Exploit · Fix · DoS · Path traversal


Weakness Enumeration

Related Identifiers: CVE-2026-58166

Affected Products: ChatDev