{
  "variant_id": "CVE-2026-58166-pruva-negative-absolute-filename",
  "created_at": "2026-07-05T15:11:08.457199+00:00",
  "variant_summary": "Absolute multipart filenames are a same-root-cause alternate trigger for ChatDev's vulnerable upload filename path join, but the fixed/latest commit blocks them by reducing filenames to basenames before filesystem writes. No fixed-version bypass was confirmed.",
  "relation": "newer_version_sibling",
  "origin_kind": "pruva_variant",
  "repository": "https://github.com/OpenBMB/ChatDev",
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "a6a5cda5560053136897aa44301eacc6c48d8168",
    "version": "<=2.2.0",
    "ref": "4fd4da603801766b14ad8788649cfc1ad21f99a6^",
    "display": "ChatDev vulnerable parent of fix commit 4fd4da603801766b14ad8788649cfc1ad21f99a6"
  },
  "variant_target": {
    "target_kind": "git_commit",
    "commit_sha": "4fd4da603801766b14ad8788649cfc1ad21f99a6",
    "version": "post-2.2.0 fixed commit; origin/main at test time",
    "ref": "4fd4da603801766b14ad8788649cfc1ad21f99a6",
    "display": "ChatDev fixed/latest tested source; no bypass reproduced"
  },
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "claimed_surface": "api_remote_upload_filename_path_traversal",
  "validated_surface": "service_sink_direct_with_parent_api_route_equivalence",
  "required_entrypoint_kind": "api_remote",
  "required_entrypoint_detail": "POST /api/uploads/{session_id} with attacker-controlled multipart filename; variant test directly exercised AttachmentService.save_upload_file for fixed-version coverage because the parent RCA already validated this route reaches the sink.",
  "attacker_controlled_input": "Multipart UploadFile.filename containing an absolute path or traversal path; uploaded file bytes are also attacker controlled.",
  "trigger_path": "POST /api/uploads/{session_id} -> server/routes/uploads.py::upload_attachment -> server/services/attachment_service.py::AttachmentService.save_upload_file -> temp_path = temp_dir / filename -> temp_path.open('wb')",
  "observed_impact_class": "vulnerable_only_arbitrary_file_write_delete_no_fixed_bypass",
  "exploitability_confidence": "none_for_fixed_bypass_high_for_vulnerable_only_candidate",
  "evidence_scope": "runtime_sink_fix_coverage",
  "runtime_manifest_present": true,
  "end_to_end_target_reached": false,
  "inferred": false,
  "claim_block_reason": "No distinct fixed-version bypass was reproduced. The absolute-filename alternate trigger works on the vulnerable commit but is covered by the fixed basename sanitizer.",
  "blocking_mitigation": "AttachmentService._safe_upload_filename() replaces backslashes, strips all directory components via os.path.basename(), trims whitespace, and substitutes upload.bin for empty/dot names before the path join.",
  "file_path": "server/services/attachment_service.py",
  "line_start": 47,
  "line_end": 66,
  "secondary_anchors": [
    {
      "file_path": "server/routes/uploads.py",
      "line_start": 9,
      "line_end": 16
    },
    {
      "file_path": "tests/test_attachment_upload_filename.py",
      "line_start": 23,
      "line_end": 39
    },
    {
      "file_path": "server/routes/batch.py",
      "line_start": 14,
      "line_end": 32
    },
    {
      "file_path": "server/services/batch_parser.py",
      "line_start": 24,
      "line_end": 35
    }
  ],
  "review_scope_paths": [
    "server/services/attachment_service.py",
    "server/routes/uploads.py",
    "server/routes/batch.py",
    "server/services/batch_parser.py",
    "server/routes/workflows.py",
    "server/services/workflow_storage.py",
    "server/routes/tools.py",
    "server/routes/vuegraphs.py",
    "tests/test_attachment_upload_filename.py"
  ],
  "artifact_refs": {
    "variant_manifest": "bundle/vuln_variant/variant_manifest.json",
    "validation_verdict": "bundle/vuln_variant/validation_verdict.json",
    "runtime_manifest": "bundle/vuln_variant/runtime_manifest.json",
    "repro_log": "bundle/logs/vuln_variant_reproduction_steps.log",
    "root_cause_equivalence": "bundle/vuln_variant/root_cause_equivalence.json",
    "reproducer": [
      "bundle/vuln_variant/reproduction_steps.sh",
      "bundle/vuln_variant/attachment_filename_candidate_driver.py"
    ]
  }
}
