Description

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local network resources from the OpenSift host process when ingesting attacker-controlled URLs. This issue has been fixed in version 1.1.3-alpha. To workaround when using trusted local-only exceptions, use OPENSIFT_ALLOW_PRIVATE_URLS=true with caution.

INFO

Published Date :

2026-02-20T23:58:22.726Z

Last Modified :

2026-02-25T21:26:30.324Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27170 vulnerability.

Vendors Products
Opensift
  • Opensift
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27170.

URL Resource
https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha cve-icon cve-icon
https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3w2r-hj5p-h6pp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact