CVE-2026-58166: OpenBMB ChatDev - Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete — Zero Day Monitor