GHSA-vmwq-8g8c-jm79: OpenChatBI has a Path Traversal Vulnerability in save_report Tool
Summary
The save_report tool in OpenChatBI has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories). The tool doesn't properly validate the file_format parameter, so attackers can use sequences like '/../' to write files to arbitrary locations and potentially execute malicious code.
Solution / Mitigation
Upgrade to version 0.2.2 or later, which includes the fix from PR #12.
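The kind of validation the summary describes as missing, shown as an added example; it is not OpenChatBI's code and not the fix from PR #12. The function names, the allowlist and the sample values are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Assumed allowlist; a real tool would list the formats it actually supports.
ALLOWED_FORMATS = {"md", "csv", "txt", "json"}


def naive_report_path(report_dir, title, file_format):
    """Vulnerable pattern: file_format is pasted into the file name unchecked."""
    return Path(report_dir) / f"{title}.{file_format}"


def safe_report_path(report_dir, title, file_format):
    """Allowlist the extension, then confirm the resolved path stays inside."""
    fmt = file_format.strip().lower()
    if fmt not in ALLOWED_FORMATS:
        raise ValueError(f"unsupported file_format: {file_format!r}")
    # Reduce the title to a conservative character set as well.
    stem = "".join(c if c.isalnum() or c in "-_" else "_" for c in title)
    base = Path(report_dir).resolve()
    target = (base / f"{stem or 'report'}.{fmt}").resolve()
    # Defence in depth: reject anything that resolves outside the base.
    if not target.is_relative_to(base):  # Python 3.9+
        raise ValueError("resolved path escapes the report directory")
    return target


def escapes(report_dir, path):
    """True if path, once resolved, lands outside report_dir."""
    base = Path(report_dir).resolve()
    return not Path(path).resolve().is_relative_to(base)


if __name__ == "__main__":
    report_dir = tempfile.mkdtemp()       # constructed sample directory
    crafted = "/../../outside.py"         # constructed sample file_format
    naive = naive_report_path(report_dir, "q1", crafted)
    print("naive path escapes:", escapes(report_dir, naive))
    try:
        safe_report_path(report_dir, "q1", crafted)
    except ValueError as exc:
        print("rejected:", exc)
    print("accepted:", safe_report_path(report_dir, "Q1 sales", "md"))
```

The allowlist alone stops the '/../' case; the containment check after `resolve()` also covers symlinked directories and any later change to how the name is built.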
Original source: https://github.com/advisories/GHSA-vmwq-8g8c-jm79
First tracked: March 2, 2026 at 07:00 PM