CVE-2026-28795
Published: 06 March 2026
Summary
CVE-2026-28795 is a critical-severity Path Traversal (CWE-22) vulnerability in Zhongyu09 Openchatbi. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates validation and sanitization of inputs like the file_format parameter to block path traversal sequences such as '../'.
Requires timely identification, reporting, and correction of flaws like the insufficient input sanitization in save_report.py, as demonstrated by the patch in version 0.2.2.
Enforces approved access authorizations for file system resources, limiting the scope of damage from successful path traversal by restricting writes to authorized directories.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in public-facing web app (OpenChatBI) directly enables remote unauthenticated exploitation (T1190); arbitrary file read maps to data collection from local system (T1005); arbitrary file write facilitates web shell deployment for persistence/execution (T1100).
NVD Description
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal…
more
vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2.
Deeper analysisAI
CVE-2026-28795 is a critical path traversal vulnerability (CWE-22) in OpenChatBI, an intelligent chat-based business intelligence tool powered by large language models for querying, analyzing, and visualizing data via natural language. The flaw affects versions prior to 0.2.2 and stems from insufficient input sanitization of the file_format parameter in the save_report tool at openchatbi/tool/save_report.py.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Exploitation allows high-impact effects on confidentiality, integrity, and availability, enabling attackers to traverse directory paths and potentially read or write arbitrary files on the affected system.
The issue has been addressed in OpenChatBI version 0.2.2. Mitigation details are available in the GitHub security advisory (https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79), the patching commit (https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75), the related issue tracker (https://github.com/zhongyu09/openchatbi/issues/10), and the pull request (https://github.com/zhongyu09/openchatbi/pull/12).
As an LLM-powered tool, OpenChatBI demonstrates the importance of robust input validation in AI-driven applications handling user-generated content for data operations. No public evidence of real-world exploitation is noted in the provided details.
Details
- CWE(s)