VYPR
High severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026

OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI

CVE-2026-28795

Description

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
openchatbiPyPI
< 0.2.20.2.2

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.