CVE-2026-58166 in ChatDev
Summary
by MITRE • 06/30/2026
OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing path traversal sequences or an absolute path to the POST uploads session endpoint, which constructs the destination path without sanitization in save_upload_file, causing file write and cleanup operations to target attacker-chosen paths on the server filesystem.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/30/2026
This vulnerability exists within OpenBMB ChatDev version 2.2.0 and earlier, where the file upload functionality lacks proper input validation and sanitization mechanisms. The issue stems from the save_upload_file function which directly incorporates user-supplied multipart filenames into the destination path construction without adequate sanitization measures. Attackers can exploit this weakness by crafting malicious filenames containing path traversal sequences such as ../ or absolute paths that bypass normal file system boundaries. The vulnerability is particularly dangerous because it affects an unauthenticated endpoint, meaning any remote attacker can potentially exploit it without requiring prior authentication credentials. This represents a critical security flaw that violates fundamental principles of secure file handling and input validation.
The technical exploitation occurs at the POST uploads session endpoint where the application processes file uploads from clients. When a malicious filename is submitted, the system constructs the destination path by concatenating user input directly into the file system operations without proper sanitization or validation. This allows attackers to manipulate the file system location where uploaded files are stored, enabling them to write files to arbitrary locations on the server or even delete existing files. The vulnerability specifically targets the save_upload_file function which is responsible for handling the actual file persistence operations, making it a direct attack vector against the application's file system integrity and security boundaries.
The operational impact of this vulnerability extends beyond simple unauthorized file access, as it provides attackers with potential persistence mechanisms and privilege escalation opportunities within the affected system. An attacker who successfully exploits this vulnerability could potentially overwrite critical application files, inject malicious code into the server environment, or delete important system components. The vulnerability also creates a risk for data integrity and confidentiality, as attackers can manipulate the file system to hide malicious activities or corrupt legitimate data. From an attack perspective, this vulnerability aligns with the ATT&CK technique T1059.007 (Command and Scripting Interpreter: Python) when combined with path traversal attacks, and represents a direct violation of CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
Mitigation strategies should focus on implementing proper input validation and sanitization for all user-supplied filenames, including the removal of path traversal sequences and absolute path references. The application should enforce strict filename validation that only allows alphanumeric characters, periods, underscores, and hyphens while rejecting any components that could be used for directory traversal. Additionally, all file operations should utilize a whitelist approach for valid directories where files can be stored, ensuring that even if malicious input is submitted, it cannot be written to unauthorized locations. The fix implemented in commit 4fd4da6 likely addresses these issues through proper path validation and sanitization of user input before file system operations are performed. Security teams should also implement monitoring for unusual file system activities and consider implementing least privilege principles for the application's file system access rights to limit potential damage from successful exploitation attempts.