{"data":{"id":"2e9980e2-d1ef-4928-88a4-fb5e3cd0a808","title":"CVE-2026-28675: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version","summary":"OpenSift, an AI study tool that uses semantic search (finding information based on meaning rather than exact word matches) and generative AI to analyze large datasets, had a security problem in versions before 1.6.3-alpha where it exposed sensitive information. Specifically, the tool returned raw error messages to users and leaked login tokens (credentials that prove who you are) in responses shown on the screen and in token rotation output (the process of replacing old credentials with new ones).","solution":"This issue has been patched in version 1.6.3-alpha. Users should upgrade to this version or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-28675","publishedAt":"2026-03-06T05:16:35.900Z","cveId":"CVE-2026-28675","cweIds":["CWE-200","CWE-209"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenSift"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00031,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-116","CAPEC-54"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}