Skip to main content

Chatdev

1 CVEs product

Monthly

CVE-2026-58166 HIGH POC PATCH This Week

Arbitrary file write and delete in OpenBMB ChatDev through 2.2.0 lets unauthenticated remote attackers control destination paths on the server by abusing the multipart filename in the upload session endpoint. Because save_upload_file joins the attacker-supplied filename onto the temp directory without sanitization, a traversal or absolute-path filename redirects both the write and the subsequent cleanup unlink to arbitrary host locations. Publicly available exploit code exists and a vendor fix is available (commit 4fd4da6); there is no public exploit identified as actively exploited in CISA KEV at time of analysis.

Path Traversal File Upload Chatdev
NVD GitHub
CVSS 4.0
8.8
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Arbitrary file write and delete in OpenBMB ChatDev through 2.2.0 lets unauthenticated remote attackers control destination paths on the server by abusing the multipart filename in the upload session endpoint. Because save_upload_file joins the attacker-supplied filename onto the temp directory without sanitization, a traversal or absolute-path filename redirects both the write and the subsequent cleanup unlink to arbitrary host locations. Publicly available exploit code exists and a vendor fix is available (commit 4fd4da6); there is no public exploit identified as actively exploited in CISA KEV at time of analysis.

Path Traversal File Upload Chatdev
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy