CVE-2026-28795: OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze,
highvulnerabilityLLM-Specific
security
Summary
OpenChatBI is a chat-based business intelligence tool that uses large language models to help users analyze data through conversation. Before version 0.2.2, it had a critical path traversal vulnerability (CWE-22, a flaw that lets attackers access files outside their intended directory) in its save_report tool because it didn't properly check the file_format input parameter. This vulnerability had a CVSS score (severity rating) of 8.7, indicating it was high-risk.
Solution / Mitigation
This issue has been patched in version 0.2.2.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Supply Chain
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-28795
First tracked: March 6, 2026 at 03:07 AM
Classified by LLM (prompt v3) · confidence: 92%