High (8.9)

CVE-2026-27169: OpenSift


OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces usin...

Overview

A stored cross-site scripting (XSS) vulnerability has been identified in OpenSift, an AI-powered study tool. Untrusted content, whether supplied by a user or generated by the model, is rendered in the chat tool UI without proper escaping, so attacker-controlled script can run in another user's browser.

Vulnerability Details

In OpenSift versions 1.1.2-alpha and earlier, the chat tool UI renders user-supplied and model-generated content as HTML instead of escaping it. When the application displays study materials, quizzes, or flashcards that contain hidden markup or script, that code executes in the viewer's browser session. This is a "stored" XSS vulnerability: the payload is saved within the application (for example in a shared study set) and fires every time that content is viewed, without further action by the attacker.

Impact

The severity of this vulnerability is rated HIGH (CVSS score: 8.9). An attacker could exploit it by creating or manipulating study content with embedded malicious script. When a victim, such as another student or a teacher, views this content while logged in, the script executes in their browser within the context of their OpenSift session. This could allow the attacker to:

  • Perform actions on behalf of the victim without their consent.
  • Steal session cookies or authentication tokens.
  • Access, modify, or delete the victim’s study data and personal information within the app.
  • Redirect the user to malicious websites.

Affected Versions

  • OpenSift version 1.1.2-alpha and all earlier versions.

Remediation and Mitigation

The issue has been addressed by the maintainers. Immediate action is required.

Primary Action - Upgrade:

  • Upgrade to OpenSift version 1.1.3-alpha or later immediately. This version contains the necessary fixes to properly sanitize content and prevent this attack.

If Immediate Upgrade is Not Possible:

  1. Audit Content: Review and monitor user-generated study sets, quizzes, and flashcards for suspicious content, particularly HTML tags, inline event-handler attributes (for example onerror= or onload=), or script blocks.
  2. User Awareness: Advise users to be cautious when accessing shared study content from untrusted sources within the platform.
  3. Network Controls: Consider implementing web application firewall (WAF) rules designed to block common XSS payloads. This is a temporary mitigation, not a permanent fix.

Verification: After upgrading, confirm that user- and model-generated content shown in the chat and study interfaces is rendered as text (escaped) rather than parsed as HTML: a study set containing a tag or an inline event handler should appear literally on screen and must not execute in the browser.

Reference: CVE-2026-27169
