CVE-2026-58166 | OpenBMB ChatDev up to 2.2.0 File Upload Endpoint path traversal (Issue 638)

June 30, 2026 Yanac

A vulnerability described as critical has been identified in OpenBMB ChatDev up to 2.2.0. The impacted element is an unknown function of the component File Upload Endpoint. Such manipulation leads to path traversal.

This vulnerability is documented as CVE-2026-58166. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More