CVE-2026-27169

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim’s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.

CVSS v3 8.9 HIGH

8.9^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha	Product Release Notes
https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opensift:opensift:*:*:*:*:*:python:*:*

History

No history.

Information

Published : 2026-02-21 00:16

Updated : 2026-02-23 20:50

NVD link : CVE-2026-27169

Mitre link : CVE-2026-27169

CVE.ORG link : CVE-2026-27169

JSON object : View

Products Affected

opensift

opensift

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2026-27169", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2026-02-21T00:16:16.810", "references": [{"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim\u2019s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha."}, {"lang": "es", "value": "OpenSift es una herramienta de estudio de IA que tamiza grandes conjuntos de datos utilizando b\u00fasqueda sem\u00e1ntica e IA generativa. Las versiones 1.1.2-alpha e inferiores renderizan contenido no confiable de usuario/modelo en las superficies de la interfaz de usuario de la herramienta de chat utilizando patrones de interpolaci\u00f3n HTML inseguros, lo que lleva a XSS. El contenido almacenado puede ejecutar JavaScript cuando se visualiza posteriormente en sesiones autenticadas. Un atacante que puede influir en el contenido almacenado de estudio/cuestionario/tarjetas did\u00e1cticas podr\u00eda desencadenar la ejecuci\u00f3n de scripts en el navegador de una v\u00edctima, realizando potencialmente acciones como ese usuario en la sesi\u00f3n de la aplicaci\u00f3n local. Este problema ha sido solucionado en la versi\u00f3n 1.1.3-alpha."}], "lastModified": "2026-02-23T20:50:36.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensift:opensift:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "319EE5EC-3784-4572-A7A3-DFE3BC789A64", "versionEndExcluding": "1.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}