Cyber Resilience

CVE-2026-28795

High

Published: 06 March 2026

Published
06 March 2026
Modified
10 March 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0044 35.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-28795 is a high-severity Path Traversal (CWE-22) vulnerability in Zhongyu09 Openchatbi. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-28795 is a critical path traversal vulnerability (CWE-22) in OpenChatBI, an intelligent chat-based business intelligence tool powered by large language models for querying, analyzing, and visualizing data via natural language. The flaw affects versions prior to 0.2.2 and stems from insufficient input sanitization of the file_format parameter in the save_report tool at openchatbi/tool/save_report.py.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Exploitation allows high-impact effects on confidentiality, integrity, and availability, enabling attackers to traverse directory paths and potentially read or write arbitrary files on the affected system.

The issue has been addressed in OpenChatBI version 0.2.2. Mitigation details are available in the GitHub security advisory (https://github.com/zhongyu09/openchatbi/security/advisories/GHSA-vmwq-8g8c-jm79), the patching commit (https://github.com/zhongyu09/openchatbi/commit/372a7e861da5159c3106d64d6f6edf8284db8c75), the related issue tracker (https://github.com/zhongyu09/openchatbi/issues/10), and the pull request (https://github.com/zhongyu09/openchatbi/pull/12).

As an LLM-powered tool, OpenChatBI demonstrates the importance of robust input validation in AI-driven applications handling user-generated content for data operations. No public evidence of real-world exploitation is noted in the provided details.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal…

more

vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Path traversal in public-facing web app (OpenChatBI) directly enables remote unauthenticated exploitation (T1190); arbitrary file read maps to data collection from local system (T1005); arbitrary file write facilitates web shell deployment for persistence/execution (T1100).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24406Shared CWE-22
CVE-2026-24848Shared CWE-22
CVE-2025-66687Shared CWE-22
CVE-2025-26753Shared CWE-22
CVE-2025-44177Shared CWE-22
CVE-2023-42226Shared CWE-22
CVE-2026-1111Shared CWE-22
CVE-2026-39859Shared CWE-22
CVE-2024-55457Shared CWE-22
CVE-2025-8343Shared CWE-22

Affected Assets

zhongyu09
openchatbi
≤ 0.2.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation and sanitization of inputs like the file_format parameter to block path traversal sequences such as '../'.

prevent

Requires timely identification, reporting, and correction of flaws like the insufficient input sanitization in save_report.py, as demonstrated by the patch in version 0.2.2.

prevent

Enforces approved access authorizations for file system resources, limiting the scope of damage from successful path traversal by restricting writes to authorized directories.

References