CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28676

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.3%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2026-28676

Opensift » Opensift » Version: 1.0.0

cpe:2.3:a:opensift:opensift:1.0.0
Opensift » Opensift » Version: 1.0.1

cpe:2.3:a:opensift:opensift:1.0.1
Opensift » Opensift » Version: 1.1.0

cpe:2.3:a:opensift:opensift:1.1.0
Opensift » Opensift » Version: 1.1.1

cpe:2.3:a:opensift:opensift:1.1.1
Opensift » Opensift » Version: 1.1.2

cpe:2.3:a:opensift:opensift:1.1.2
Opensift » Opensift » Version: 1.1.3

cpe:2.3:a:opensift:opensift:1.1.3
Opensift » Opensift » Version: 1.3.1

cpe:2.3:a:opensift:opensift:1.3.1
Opensift » Opensift » Version: 1.4.0

cpe:2.3:a:opensift:opensift:1.4.0
Opensift » Opensift » Version: 1.5.0

cpe:2.3:a:opensift:opensift:1.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28676

Products

Pricing

Contact Us