{"data":{"id":"32575609-fc59-4641-a5dd-bf519d63c46c","title":"CVE-2026-27170: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.","summary":"OpenSift, an AI study tool that searches through large datasets using semantic search (finding similar content based on meaning) and generative AI, has a vulnerability in versions 1.1.2-alpha and below where it can be tricked into requesting unsafe internet addresses through its URL ingest feature (the part that accepts web links as input). An attacker could exploit this to access private or local network resources from the computer running OpenSift.","solution":"This issue has been fixed in version 1.1.3-alpha. As a temporary workaround for trusted local-only exceptions, use the setting OPENSIFT_ALLOW_PRIVATE_URLS=true, but this should be used with caution.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-27170","publishedAt":"2026-02-21T00:16:16.980Z","cveId":"CVE-2026-27170","cweIds":["CWE-20","CWE-918"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenSift"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00051,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}