CVE-2026-28795
CRITICAL WAF: High
CVSS 9.8
Published: 2026-03-06
CWE-22
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| zhongyu09 | openchatbi | up to 0.2.2 |
References
- github.com (Patch)
- github.com (Issue Tracking)
- github.com (Issue Tracking, Patch)
- github.com (Patch, Vendor Advisory)