CVE-2026-28795 is a critical path traversal vulnerability identified in the openchatbi intelligent chat-based business intelligence tool developed by zhongyu09. The vulnerability resides in the save_report.py script within the save_report tool, specifically in the handling of the file_format parameter. Prior to version 0.2.2, this parameter is not properly sanitized, allowing an attacker to craft malicious input that escapes the intended directory restrictions. This improper limitation of pathname (CWE-22) enables attackers to traverse directories and potentially read or write files outside the designated safe directory. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The CVSS 4.0 score of 8.7 reflects the vulnerability's ease of exploitation (network vector, low complexity), lack of required privileges or user interaction, and high impact on confidentiality due to unauthorized file access or modification. Although no known exploits have been reported in the wild, the vulnerability poses a significant threat to organizations relying on openchatbi for data querying and visualization. The patch released in version 0.2.2 addresses this issue by implementing proper input validation and sanitization of the file_format parameter to restrict file path traversal.

The exploitation of this vulnerability can lead to unauthorized disclosure and modification of sensitive files on affected systems, compromising confidentiality and integrity. Attackers could access configuration files, sensitive reports, or system files, potentially leading to further system compromise or data leakage. Since openchatbi is used for business intelligence and data visualization, unauthorized file access could expose critical business data or intellectual property. The vulnerability does not directly impact availability but could be leveraged as a foothold for more damaging attacks. Organizations worldwide using vulnerable versions of openchatbi face increased risk of data breaches and operational disruption. The lack of authentication and user interaction requirements makes it easier for attackers to exploit this flaw remotely, increasing the threat surface.

Organizations should immediately upgrade openchatbi to version 0.2.2 or later where the vulnerability is patched. If upgrading is not immediately feasible, implement strict input validation and sanitization on the file_format parameter at the application or proxy level to block path traversal characters such as '../'. Employ file system permissions to restrict the openchatbi process to only necessary directories, minimizing potential damage from exploitation. Monitor logs for suspicious file access patterns or unexpected file writes. Conduct regular security assessments and code reviews focusing on input handling in similar components. Additionally, network-level controls such as web application firewalls (WAFs) can be configured to detect and block path traversal attempts targeting the save_report endpoint.