Skip to main content

ChatDev CVE-2026-58166

| EUVDEUVD-2026-40373 HIGH
Path Traversal (CWE-22)
2026-06-30 VulnCheck GHSA-hh77-fhmp-pqfv
8.8
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.8 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.1 CRITICAL

Unauthenticated single-request upload to a network endpoint gives AV:N/AC:L/PR:N/UI:N; arbitrary write/delete is I:H/A:H with no file read, so C:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Source Code Evidence Fetched
Jun 30, 2026 - 17:43 vuln.today
Analysis Updated
Jun 30, 2026 - 17:43 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 17:41 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 30, 2026 - 17:22 vuln.today
cvss_changed
Severity Changed
Jun 30, 2026 - 17:22 NVD
CRITICAL HIGH
CVSS changed
Jun 30, 2026 - 17:22 NVD
9.1 (CRITICAL) 8.8 (HIGH)
Analysis Generated
Jun 30, 2026 - 17:15 vuln.today

DescriptionCVE.org

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing path traversal sequences or an absolute path to the POST uploads session endpoint, which constructs the destination path without sanitization in save_upload_file, causing file write and cleanup operations to target attacker-chosen paths on the server filesystem.

AnalysisAI

Arbitrary file write and delete in OpenBMB ChatDev through 2.2.0 lets unauthenticated remote attackers control destination paths on the server by abusing the multipart filename in the upload session endpoint. Because save_upload_file joins the attacker-supplied filename onto the temp directory without sanitization, a traversal or absolute-path filename redirects both the write and the subsequent cleanup unlink to arbitrary host locations. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed ChatDev upload endpoint
Delivery
POST multipart with '../' traversal filename
Exploit
Path built without sanitization in save_upload_file
Execution
Write/delete file at attacker-chosen path
Persist
Overwrite cron/app code or destroy files
Impact
Achieve code execution or service disruption

Vulnerability AssessmentAI

Exploitation Exploitation requires network access to ChatDev's file upload endpoint - specifically the POST uploads session endpoint - and the ability to send a multipart request with an attacker-chosen filename containing path traversal sequences ('../') or an absolute path; per AV:N/AC:L/PR:N/UI:N this works against an exposed instance with no authentication and no user interaction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mostly consistent and point to a genuine priority rather than an inflated-CVSS issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an exposed ChatDev instance sends a POST request to the uploads session endpoint with a multipart filename like '../../../../etc/cron.d/payload', writing an attacker-controlled file outside the temp directory; because AV:N/AC:L/PR:N/UI:N, this needs no authentication, no user interaction, and only a single crafted request. Dropping a file into a cron directory or overwriting application code can escalate to server-side code execution, while the traversal-aware cleanup can instead be abused to delete arbitrary files and disrupt the service. …
Remediation Upgrade to a ChatDev build that includes the fix commit 4fd4da603801766b14ad8788649cfc1ad21f99a6 (merged via PR https://github.com/OpenBMB/ChatDev/pull/641); since the upstream fix is a tagged commit/PR rather than a clearly named release, treat 'Upstream fix available (commit/PR); released patched version not independently confirmed' and pin to or beyond that commit. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all OpenBMB ChatDev deployments running version 2.2.0 or earlier; implement network-level restrictions on the file upload endpoint if immediate patching is not feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58166 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy