FKIE_CVE-2026-27169

Vulnerability from fkie_nvd - Published: 2026-02-21 00:16 - Updated: 2026-02-23 20:50
Severity ?
8.9 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Summary
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim’s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.
References
security-advisories@github.comhttps://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alphaProduct, Release Notes
security-advisories@github.comhttps://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5Vendor Advisory
Impacted products
Vendor Product Version
opensift opensift *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensift:opensift:*:*:*:*:*:python:*:*",
              "matchCriteriaId": "319EE5EC-3784-4572-A7A3-DFE3BC789A64",
              "versionEndExcluding": "1.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim\u2019s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha."
    },
    {
      "lang": "es",
      "value": "OpenSift es una herramienta de estudio de IA que tamiza grandes conjuntos de datos utilizando b\u00fasqueda sem\u00e1ntica e IA generativa. Las versiones 1.1.2-alpha e inferiores renderizan contenido no confiable de usuario/modelo en las superficies de la interfaz de usuario de la herramienta de chat utilizando patrones de interpolaci\u00f3n HTML inseguros, lo que lleva a XSS. El contenido almacenado puede ejecutar JavaScript cuando se visualiza posteriormente en sesiones autenticadas. Un atacante que puede influir en el contenido almacenado de estudio/cuestionario/tarjetas did\u00e1cticas podr\u00eda desencadenar la ejecuci\u00f3n de scripts en el navegador de una v\u00edctima, realizando potencialmente acciones como ese usuario en la sesi\u00f3n de la aplicaci\u00f3n local. Este problema ha sido solucionado en la versi\u00f3n 1.1.3-alpha."
    }
  ],
  "id": "CVE-2026-27169",
  "lastModified": "2026-02-23T20:50:36.870",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.9,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-21T00:16:16.810",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        },
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.