CVE-2026-28677: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version
Summary
OpenSift, an AI study tool that uses semantic search (finding information based on meaning rather than exact word matches) and generative AI to analyze large datasets, had a security vulnerability in versions before 1.6.3-alpha. The vulnerability was an SSRF (server-side request forgery, where an attacker tricks the server into making requests to unintended locations) that allowed attackers to bypass security checks by using private URLs, non-standard ports, or redirects that the URL intake system didn't properly restrict.
Solution / Mitigation
This issue has been patched in version 1.6.3-alpha. Users should update OpenSift to version 1.6.3-alpha or later.
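The three bypass classes named in the summary (private targets, non-standard ports, redirects) can each be closed at URL intake. The sketch below is an added example, not OpenSift's code or its patch. It assumes a policy of default web ports only, and `fetch_hop`, `FAKE_DNS`, and `FAKE_HOPS` are hypothetical stand-ins for an HTTP client and DNS so that it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # assumed policy: default web ports only
def resolve(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}  # all A/AAAA results

def check_url(url, resolver=resolve):
    """Return (ok, reason) for one URL, before any request is sent."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_PORTS or not parts.hostname:
        return False, "scheme or host not allowed"
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "invalid port"
    if port is not None and port != ALLOWED_PORTS[parts.scheme]:
        return False, "non-standard port"
    try:
        addrs = resolver(parts.hostname)
    except OSError:
        addrs = set()
    if not addrs:
        return False, "host does not resolve"
    # Reject if ANY resolved address is loopback, private, link-local, etc.
    bad = sorted(a for a in addrs if not ipaddress.ip_address(a).is_global)
    return (False, f"non-public address {bad[0]}") if bad else (True, "ok")

def fetch_checked(url, fetch_hop, resolver=resolve, max_hops=3):
    """Follow redirects by hand so that every hop passes check_url.
    fetch_hop(url) -> (status, location): hypothetical call, auto-redirects off."""
    for _ in range(max_hops + 1):
        ok, reason = check_url(url, resolver)
        if not ok:
            return False, f"{url}: {reason}"
        status, location = fetch_hop(url)
        if status // 100 != 3 or not location:
            return True, url
        url = urljoin(url, location)  # Location may be relative
    return False, "too many redirects"

# Constructed sample data so the example runs offline.
FAKE_DNS = {"docs.example.org": {"93.184.216.34"}, "intranet.example.org": {"10.0.0.5"},
            "169.254.169.254": {"169.254.169.254"}}
FAKE_HOPS = {"https://docs.example.org/a": (302, "http://169.254.169.254/latest/"),
             "https://docs.example.org/b": (200, None)}
def fake_resolver(host): return FAKE_DNS.get(host, set())
def fake_fetch(url): return FAKE_HOPS[url]
```

A check like this still leaves a gap between resolving the name and connecting to it, so a real client should connect to the address that was validated rather than resolving the host a second time.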
Vulnerability Details
8.2 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-28677
First tracked: March 6, 2026 at 03:07 AM