Description

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim’s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.

INFO

Published Date: 2026-02-20T23:51:45.990Z

Last Modified: 2026-02-25T21:23:38.098Z

Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-27169 vulnerability.

Vendor: Opensift
Products:
  • Opensift