6 vulnerabilities by OpenSift
CVE-2026-28677 (GCVE-0-2026-28677)
Vulnerability from cvelistv5 – Published: 2026-03-06 04:23 – Updated: 2026-03-06 16:07
Title
OpenSift: Insufficient URL destination restrictions in ingest flow could enable SSRF-style internal access
Summary
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, they did not cover URLs carrying embedded credentials (user:password@host), URLs on non-standard ports, or cross-host redirects; by implication the host check was applied only to the initially submitted URL, so a fetch that started at a permitted host could still end up at an internal service. This left SSRF-class abuse paths in non-localhost deployments (the advisory scopes the impact to deployments that are not purely local). This appears to be a follow-up hardening of the URL-ingest SSRF fix shipped for CVE-2026-27170 in 1.1.3-alpha: deployments that upgraded to 1.1.3-alpha for that issue remain affected until 1.6.3-alpha. This issue has been patched in version 1.6.3-alpha.
Severity
8.2 (High) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L. The vector records no privileges and no user interaction, and the CISA SSVC enrichment below marks the issue Automatable: yes (Exploitation: none observed at publication), so an ingest endpoint reachable by untrusted users should be treated as an unauthenticated SSRF until upgraded.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
GitHub_M
References
- https://github.com/OpenSift/OpenSift/security/advisories/GHSA-5jfc-p787-2mf9 (x_refsource_CONFIRM — vendor advisory)
- https://github.com/OpenSift/OpenSift/pull/67 (x_refsource_MISC — fix PR, shared with CVE-2026-28676 and CVE-2026-28675)
- https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b (x_refsource_MISC — fix commit)
- https://github.com/OpenSift/OpenSift/commit/de99b9c (x_refsource_MISC — fix commit, abbreviated hash; resolve to the full SHA before pinning)
- https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha (x_refsource_MISC — fixed release)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T16:00:17.295863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:07:38.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSift",
"vendor": "OpenSift",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, missing restrictions for credentialed URLs, non-standard ports, and cross-host redirects left SSRF-class abuse paths in non-localhost deployments. This issue has been patched in version 1.6.3-alpha."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T04:23:23.695Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-5jfc-p787-2mf9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-5jfc-p787-2mf9"
},
{
"name": "https://github.com/OpenSift/OpenSift/pull/67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/pull/67"
},
{
"name": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b"
},
{
"name": "https://github.com/OpenSift/OpenSift/commit/de99b9c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/commit/de99b9c"
},
{
"name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha"
}
],
"source": {
"advisory": "GHSA-5jfc-p787-2mf9",
"discovery": "UNKNOWN"
},
"title": "OpenSift: Insufficient URL destination restrictions in ingest flow could enable SSRF-style internal access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28677",
"datePublished": "2026-03-06T04:23:23.695Z",
"dateReserved": "2026-03-02T21:43:19.926Z",
"dateUpdated": "2026-03-06T16:07:38.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28676 (GCVE-0-2026-28676)
Vulnerability from cvelistv5 – Published: 2026-03-06 04:23 – Updated: 2026-03-06 04:23
Title
OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations
Summary
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers built filesystem paths from caller-supplied values without uniformly enforcing base-directory containment, i.e. without verifying that the resolved path still lies inside the intended storage directory. A value containing traversal segments such as ../ could therefore reach files outside that directory in the read, write and delete flows that use these helpers. The advisory does not name the specific endpoints or parameters that feed these helpers; the CVSS vector (network, low privileges, no user interaction) indicates that an authenticated user can reach at least one of them. This issue has been patched in version 1.6.3-alpha.
Severity
8.8 (High) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Write and delete flows are in scope, so the rating covers overwrite and destruction of stored files, not only disclosure.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
GitHub_M
References
- https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv (x_refsource_CONFIRM — vendor advisory)
- https://github.com/OpenSift/OpenSift/pull/67 (x_refsource_MISC — fix PR, shared with CVE-2026-28677 and CVE-2026-28675)
- https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b (x_refsource_MISC — fix commit)
- https://github.com/OpenSift/OpenSift/commit/de99b9c (x_refsource_MISC — fix commit, abbreviated hash; resolve to the full SHA before pinning)
- https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha (x_refsource_MISC — fixed release)
{
"containers": {
"cna": {
"affected": [
{
"product": "OpenSift",
"vendor": "OpenSift",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T04:23:12.727Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv"
},
{
"name": "https://github.com/OpenSift/OpenSift/pull/67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/pull/67"
},
{
"name": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b"
},
{
"name": "https://github.com/OpenSift/OpenSift/commit/de99b9c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/commit/de99b9c"
},
{
"name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha"
}
],
"source": {
"advisory": "GHSA-ww4m-c7hv-2rqv",
"discovery": "UNKNOWN"
},
"title": "OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28676",
"datePublished": "2026-03-06T04:23:12.727Z",
"dateReserved": "2026-03-02T21:43:19.926Z",
"dateUpdated": "2026-03-06T04:23:12.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28675 (GCVE-0-2026-28675)
Vulnerability from cvelistv5 – Published: 2026-03-06 04:22 – Updated: 2026-03-06 04:22
Title
OpenSift: Sensitive implementation details exposed via raw exception messages and token-returning endpoints
Summary
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients (CWE-209); such messages may disclose internal paths, library names or configuration details that aid further attacks. Additionally, login token material was exposed in UI/rendered responses and in token rotation output (CWE-200). A token that is rendered into a page or returned in a response body is visible to anything that can read that response — browser history, intermediate proxies and logs, or a script running in the page — so the practical risk can exceed the information-disclosure rating if the token is replayable; operators should rotate tokens after upgrading. This issue has been patched in version 1.6.3-alpha.
Severity
5.3 (Medium) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
GitHub_M
References
- https://github.com/OpenSift/OpenSift/security/advisories/GHSA-667g-rvcj-w976 (x_refsource_CONFIRM — vendor advisory)
- https://github.com/OpenSift/OpenSift/pull/67 (x_refsource_MISC — fix PR, shared with CVE-2026-28677 and CVE-2026-28676)
- https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b (x_refsource_MISC — fix commit)
- https://github.com/OpenSift/OpenSift/commit/de99b9c (x_refsource_MISC — fix commit, abbreviated hash; resolve to the full SHA before pinning)
- https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha (x_refsource_MISC — fixed release)
{
"containers": {
"cna": {
"affected": [
{
"product": "OpenSift",
"vendor": "OpenSift",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This issue has been patched in version 1.6.3-alpha."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T04:22:58.374Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-667g-rvcj-w976",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-667g-rvcj-w976"
},
{
"name": "https://github.com/OpenSift/OpenSift/pull/67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/pull/67"
},
{
"name": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b"
},
{
"name": "https://github.com/OpenSift/OpenSift/commit/de99b9c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/commit/de99b9c"
},
{
"name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha"
}
],
"source": {
"advisory": "GHSA-667g-rvcj-w976",
"discovery": "UNKNOWN"
},
"title": "OpenSift: Sensitive implementation details exposed via raw exception messages and token-returning endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28675",
"datePublished": "2026-03-06T04:22:58.374Z",
"dateReserved": "2026-03-02T21:43:19.926Z",
"dateUpdated": "2026-03-06T04:22:58.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27189 (GCVE-0-2026-27189)
Vulnerability from cvelistv5 – Published: 2026-02-21 00:01 – Updated: 2026-02-25 21:25
Title
OpenSift: Race-prone local persistence could cause state corruption/loss
Summary
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persistence flows: a store file is read, modified and written back without protection against a concurrent writer, and the write itself is not atomic, so concurrent operations can lose updates or corrupt local state across the sessions, study, quiz, flashcard, wellness and auth stores. Because the auth store is among the affected files, corruption can also disrupt authentication state, not only study data. The CVSS vector is local (AV:L) with low privileges: this is an integrity/reliability issue on the local host rather than a remotely triggerable one. This issue has been fixed in version 1.1.3-alpha.
Severity
6.6 (Medium) — CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
GitHub_M
References
- https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3pmp-j953-whxq (x_refsource_CONFIRM — vendor advisory)
- https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha (x_refsource_MISC — fixed release)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T21:25:43.072602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:25:52.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSift",
"vendor": "OpenSift",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.3-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state across sessions/study/quiz/flashcard/wellness/auth stores. This issue has been fixed in version 1.1.3-alpha."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-21T00:01:46.960Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3pmp-j953-whxq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3pmp-j953-whxq"
},
{
"name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha"
}
],
"source": {
"advisory": "GHSA-3pmp-j953-whxq",
"discovery": "UNKNOWN"
},
"title": "OpenSift: Race-prone local persistence could cause state corruption/loss"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27189",
"datePublished": "2026-02-21T00:01:46.960Z",
"dateReserved": "2026-02-18T19:47:02.153Z",
"dateUpdated": "2026-02-25T21:25:52.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27170 (GCVE-0-2026-27170)
Vulnerability from cvelistv5 – Published: 2026-02-20 23:58 – Updated: 2026-02-25 21:26
Title
OpenSift: SSRF risk in URL ingestion endpoint
Summary
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets, giving potential access to, or probing of, private/local network resources from the OpenSift host process when ingesting attacker-controlled URLs. This issue has been fixed in version 1.1.3-alpha, which (as the name of the opt-out below implies) rejects private/local destinations by default. The OPENSIFT_ALLOW_PRIVATE_URLS=true setting is not a mitigation: it is an opt-out that re-enables fetching of private/local URLs for deployments with a trusted local-only use case, and should be set with caution and only where ingest is not reachable by untrusted users. Note that the 1.1.3-alpha restrictions were later found incomplete (credentialed URLs, non-standard ports and cross-host redirects were not covered) and were tightened further in 1.6.3-alpha; see CVE-2026-28677 above.
Severity
7.1 (High) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE
- CWE-20 - Improper Input Validation
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
GitHub_M
References
- https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3w2r-hj5p-h6pp (x_refsource_CONFIRM — vendor advisory)
- https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha (x_refsource_MISC — fixed release)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T21:26:21.737497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:26:30.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSift",
"vendor": "OpenSift",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.3-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local network resources from the OpenSift host process when ingesting attacker-controlled URLs. This issue has been fixed in version 1.1.3-alpha. To workaround when using trusted local-only exceptions, use OPENSIFT_ALLOW_PRIVATE_URLS=true with caution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T23:58:22.726Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3w2r-hj5p-h6pp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3w2r-hj5p-h6pp"
},
{
"name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha"
}
],
"source": {
"advisory": "GHSA-3w2r-hj5p-h6pp",
"discovery": "UNKNOWN"
},
"title": "OpenSift: SSRF risk in URL ingestion endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27170",
"datePublished": "2026-02-20T23:58:22.726Z",
"dateReserved": "2026-02-18T00:18:53.963Z",
"dateUpdated": "2026-02-25T21:26:30.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27169 (GCVE-0-2026-27169)
Vulnerability from cvelistv5 – Published: 2026-02-20 23:51 – Updated: 2026-02-25 21:23
Title
OpenSift: Persistent XSS Chat Tool Rendering
Summary
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to stored (persistent) XSS. Because the payload is stored, it executes whenever the content is later viewed in an authenticated session, not only for whoever introduced it. An attacker who can influence stored study/quiz/flashcard content — and, since model output is rendered through the same path, possibly via model-generated content as well — could trigger script execution in a victim's browser and perform actions as that user in the local app session. Script running in the page could also read any token material rendered into responses (see CVE-2026-28675, which affected versions up to 1.6.3-alpha). This issue has been fixed in version 1.1.3-alpha.
Severity
8.9 (High) — CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L (scope changed: the injected script runs in the victim's browser, outside the vulnerable component)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
GitHub_M
References
- https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5 (x_refsource_CONFIRM — vendor advisory)
- https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha (x_refsource_MISC — fixed release)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T21:23:27.545879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:23:38.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSift",
"vendor": "OpenSift",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.3-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim\u2019s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T23:51:45.990Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5"
},
{
"name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha"
}
],
"source": {
"advisory": "GHSA-qrpx-7cmv-5gv5",
"discovery": "UNKNOWN"
},
"title": "OpenSift: Persistent XSS Chat Tool Rendering"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27169",
"datePublished": "2026-02-20T23:51:45.990Z",
"dateReserved": "2026-02-18T00:18:53.963Z",
"dateUpdated": "2026-02-25T21:23:38.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}