CVE-2026-28676: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version
Summary
OpenSift is an AI study tool that uses semantic search (finding information based on meaning rather than exact keywords) and generative AI to analyze large datasets. Before version 1.6.3-alpha, the software had a path-injection vulnerability (a flaw where attackers could manipulate file paths to access files outside intended directories) in its file storage system, allowing potential unauthorized file read, write, or delete operations.
Solution / Mitigation
This issue has been patched in version 1.6.3-alpha. Users should update to this version or later.
Vulnerability Details
8.8(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-28676
First tracked: March 6, 2026 at 03:07 AM
Classified by LLM (prompt v3) · confidence: 85%