{"data":{"id":"6008e238-5369-4e8d-aeda-2ca1aa178d91","title":"CVE-2026-28795: OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze,","summary":"OpenChatBI is a chat-based business intelligence tool that uses large language models to help users analyze data through conversation. Versions before 0.2.2 contain a critical path traversal vulnerability (CWE-22, a flaw that lets attackers access files outside their intended directory) in the save_report tool, which does not properly validate the file_format input parameter. The vulnerability has a CVSS score (severity rating) of 8.7, which corresponds to high severity.","solution":"This issue has been patched in version 0.2.2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-28795","publishedAt":"2026-03-06T07:16:00.293Z","cveId":"CVE-2026-28795","cweIds":["CWE-22"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenChatBI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00063,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}