PT-2026-53917 · Openbb · Chatdev
George Chen
·
Published
2026-06-30
·
Updated
2026-06-30
·
CVE-2026-58166
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenBMB ChatDev versions prior to commit 4fd4da6
Description
An unauthenticated remote attacker can write or delete arbitrary files on the server filesystem. The application does not sanitize the multipart filename supplied to the 'POST uploads session' endpoint: the save_upload_file() function builds the destination path directly from that filename, so an absolute path or a path traversal sequence (such as ../) places the target outside the intended upload directory. Overwriting or removing critical system and application files can result in a denial of service.
Recommendations
Update OpenBMB ChatDev to commit 4fd4da6 or a subsequent release containing this fix.
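The following is an added illustration of the flaw class described above and of the check a fix needs; it is not ChatDev's code and does not reproduce the commit. The function names (unsafe_destination, safe_destination, save_upload_file), the upload-directory layout and the attacker-supplied filenames are assumptions constructed for the demonstration. It runs both the vulnerable and the hardened path computation against the same inputs inside a throwaway temporary directory.

```python
"""Illustration of the unsanitized-multipart-filename path traversal described
above. Added example, not OpenBMB ChatDev's code: the function names, the
upload-directory layout and the attacker-supplied filenames are assumptions
constructed for this demonstration."""
import os
import tempfile
from pathlib import Path


def unsafe_destination(upload_dir: str, filename: str) -> Path:
    """Vulnerable pattern: the client-controlled filename is joined onto the
    upload directory as-is. os.path.join drops upload_dir entirely when the
    filename is absolute, and '..' segments walk back out of it."""
    return Path(os.path.join(upload_dir, filename))


def safe_destination(upload_dir: str, filename: str) -> Path:
    """Hardened pattern: keep only the final path component, reject empty,
    dot-only and hidden names, then verify that the resolved target is a
    direct child of the resolved upload directory."""
    base = Path(upload_dir).resolve()
    # Discard any directory part the client sent, for both separator styles.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not name or name in (".", "..") or name.startswith("."):
        raise ValueError(f"rejected filename: {filename!r}")
    target = (base / name).resolve()
    # resolve() follows symlinks, so a planted link inside the directory that
    # points elsewhere fails this check as well.
    if target.parent != base:
        raise ValueError(f"filename escapes upload directory: {filename!r}")
    return target


def save_upload_file(upload_dir: str, filename: str, data: bytes) -> str:
    """Hardened save: compute the destination safely before touching disk.
    Returns the path actually written."""
    dest = safe_destination(upload_dir, filename)
    dest.write_bytes(data)
    return str(dest)


def demo() -> dict:
    """Run both strategies against constructed attacker filenames inside a
    throwaway temp directory so nothing outside it is touched."""
    root = Path(tempfile.mkdtemp()).resolve()
    upload_dir = root / "uploads"
    upload_dir.mkdir()
    candidates = [
        "report.txt",                 # benign upload
        "../outside.txt",             # relative traversal
        str(root / "absolute.txt"),   # absolute path (kept inside the sandbox)
        "..",                         # targets the parent directory itself
        ".env",                       # hidden file, rejected by policy
    ]
    result = {"unsafe_escapes": [], "safe_rejected": [], "safe_accepted": []}
    for name in candidates:
        # Vulnerable computation: does the result still live under uploads?
        escaped = unsafe_destination(str(upload_dir), name).resolve()
        if upload_dir not in escaped.parents:
            result["unsafe_escapes"].append(name)
        # Hardened computation: a sanitized in-directory name, or a refusal.
        try:
            result["safe_accepted"].append(
                safe_destination(str(upload_dir), name).name)
        except ValueError:
            result["safe_rejected"].append(name)
    # The hardened writer stores the benign file where expected.
    result["written"] = save_upload_file(str(upload_dir), "report.txt", b"ok")
    result["written_inside"] = Path(result["written"]).parent == upload_dir
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two practitioner notes on the hardened variant: it silently reduces "../outside.txt" to "outside.txt" rather than rejecting the request, which is a policy choice (rejecting outright is stricter and easier to audit), and the same destination check must guard the delete path as well as the write path, since the advisory covers both.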
Exploit
Fix
DoS
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Chatdev