⚡ Active KEV CVE-2026-58166 2026-06-30

CVE-2026-58166: Unauthenticated Path Traversal in OpenBMB ChatDev Upload Handler

"A critical path traversal flaw in OpenBMB ChatDev lets unauthenticated remote attackers write or delete arbitrary files on the server by abusing an unsanitized file upload endpoint."

What Is It

CVE-2026-58166 is a path traversal vulnerability (CWE-22) in OpenBMB ChatDev through version 2.2.0. The file upload endpoint fails to sanitize the multipart filename it receives, and the save_upload_file routine constructs the destination path directly from attacker-controlled input. By supplying a filename containing path traversal sequences (such as ../) or an absolute path to the POST uploads session endpoint, an unauthenticated remote attacker can direct both file write and cleanup (delete) operations to arbitrary locations on the server filesystem.
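The flaw described above is the classic "join the client's filename onto a directory" mistake. The following Python is an added illustration for this brief; it is not ChatDev's code and not the fix shipped in commit 4fd4da6. The names DEFAULT_ROOT, vulnerable_destination, hardened_destination, escapes_root and is_safe_upload, and the sample filenames, are assumptions made here. It shows, with a lexical check that touches no filesystem, where an unsanitised join would land for a traversal sequence and for an absolute path, next to a hardened routine that whitelists a single path component and then confirms the resolved location still sits inside the session directory.

```python
"""Hardened destination-path construction for a multipart upload handler.

Added example for this brief; it is not ChatDev's code and not the fix in
commit 4fd4da6. DEFAULT_ROOT, vulnerable_destination, hardened_destination,
escapes_root and is_safe_upload are names assumed here for illustration.
"""
import os
import re
from pathlib import Path

# Assumed upload directory for the example; a real deployment configures this.
DEFAULT_ROOT = Path("/srv/app/uploads")

# One path component: no separators, cannot begin with a dot (so ".", ".."
# and dotfiles are excluded), at most 255 characters.
_SAFE_COMPONENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def vulnerable_destination(root: Path, session: str, filename: str) -> Path:
    """The flawed pattern the brief describes: the client filename is joined
    onto the session directory unchanged. pathlib keeps '..' segments, and a
    join whose right-hand side is absolute discards the left-hand side."""
    return root / session / filename


def escapes_root(root: Path, dest: Path) -> bool:
    """Lexical check (no filesystem access): does dest normalise to a location
    outside root? Used here to show where the vulnerable join would write
    or delete."""
    root_n = os.path.normpath(str(root))
    dest_n = os.path.normpath(str(dest))
    return os.path.commonpath([root_n, dest_n]) != root_n


def hardened_destination(root: Path, session: str, filename: str) -> Path:
    """Return root/<session>/<filename>, or raise ValueError.

    Rejects rather than normalises: a filename carrying separators or
    traversal sequences is evidence of tampering and should be logged, not
    quietly renamed."""
    if not _SAFE_COMPONENT.fullmatch(session):
        raise ValueError("invalid session id")
    if not _SAFE_COMPONENT.fullmatch(filename):
        raise ValueError("invalid filename")
    # Defence in depth: resolve symlinks and confirm the final location is
    # still directly inside the session directory under root.
    root_r = root.resolve()
    session_dir = (root_r / session).resolve()
    dest = (session_dir / filename).resolve()
    if dest.parent != session_dir or not dest.is_relative_to(root_r):
        raise ValueError("destination escapes upload directory")
    return dest


def is_safe_upload(root: Path, session: str, filename: str) -> bool:
    """Accept/reject wrapper around hardened_destination, convenient for a
    request-validation layer and for tests."""
    try:
        hardened_destination(root, session, filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample filenames: values a multipart Content-Disposition
    # header could carry, including the two forms the brief mentions.
    samples = ["report.txt", "../../outside.txt", "/tmp/outside.txt", "..", ".hidden"]
    for name in samples:
        v = vulnerable_destination(DEFAULT_ROOT, "sess1", name)
        verdict = "accept" if is_safe_upload(DEFAULT_ROOT, "sess1", name) else "reject"
        print(f"{name!r:22} unsanitised -> {v} (escapes={escapes_root(DEFAULT_ROOT, v)}); "
              f"hardened -> {verdict}")
```

Note that the hardened routine validates the session identifier as well as the filename: both are path components, and a check that only looks at the last segment leaves the earlier one as a second way out of the upload root.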

Why It Matters

The flaw carries a CVSS 3.1 base score of 9.1 (CRITICAL) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. It requires no authentication, no privileges, and no user interaction, and it can be triggered over the network with low attack complexity. The impact is high to both integrity and availability: an attacker who can write or delete arbitrary files on the host can corrupt or destroy data and potentially plant files that lead to further compromise. The secondary CVSS 4.0 assessment scores it 8.8 (HIGH).

What's Vulnerable

The vulnerable component is the file upload handler, specifically the save_upload_file function serving the POST uploads session endpoint.

Patch Status

A fix is available. The vulnerability is resolved in commit 4fd4da6, delivered via pull request #641 and tracked in issue #638. Operators running ChatDev 2.2.0 or earlier should update to a build that includes this commit. This CVE does not appear in the supplied CISA KEV data, so there is no confirmation of active exploitation from that source.

Sources