CVE-2026-27170: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.
Summary
OpenSift, an AI study tool that searches through large datasets using semantic search (finding similar content based on meaning) and generative AI, has a vulnerability in versions 1.1.2-alpha and below where it can be tricked into requesting unsafe internet addresses through its URL ingest feature (the part that accepts web links as input). An attacker could exploit this to access private or local network resources from the computer running OpenSift.
Solution / Mitigation
This issue has been fixed in version 1.1.3-alpha. As a temporary workaround for trusted local-only exceptions, use the setting OPENSIFT_ALLOW_PRIVATE_URLS=true, but this should be used with caution.
Vulnerability Details
7.1(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-27170
First tracked: February 20, 2026 at 11:07 PM
Classified by LLM (prompt v3) · confidence: 85%