{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28676", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-02T21:43:19.926Z", "datePublished": "2026-03-06T04:23:12.727Z", "dateUpdated": "2026-03-09T19:48:27.645Z"}, "containers": {"cna": {"title": "OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv"}, {"name": "https://github.com/OpenSift/OpenSift/pull/67", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSift/OpenSift/pull/67"}, {"name": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b"}, {"name": "https://github.com/OpenSift/OpenSift/commit/de99b9c", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSift/OpenSift/commit/de99b9c"}, {"name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha"}], "affected": [{"vendor": "OpenSift", "product": "OpenSift", "versions": [{"version": "< 1.6.3-alpha", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T04:23:12.727Z"}, "descriptions": [{"lang": "en", "value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha."}], "source": {"advisory": "GHSA-ww4m-c7hv-2rqv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T19:48:09.897561Z", "id": "CVE-2026-28676", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:48:27.645Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28676", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-09T19:48:09.897561Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:48:16.112Z"}}], "cna": {"title": "OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations", "source": {"advisory": "GHSA-ww4m-c7hv-2rqv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "OpenSift", "product": "OpenSift", "versions": [{"status": "affected", "version": "< 1.6.3-alpha"}]}], "references": [{"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv", "name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenSift/OpenSift/pull/67", "name": "https://github.com/OpenSift/OpenSift/pull/67", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b", "name": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenSift/OpenSift/commit/de99b9c", "name": "https://github.com/OpenSift/OpenSift/commit/de99b9c", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha", "name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T04:23:12.727Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28676", "state": "PUBLISHED", "dateUpdated": "2026-03-09T19:48:27.645Z", "dateReserved": "2026-03-02T21:43:19.926Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-06T04:23:12.727Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensift:opensift:*:*:*:*:*:python:*:*", "matchCriteriaId": "D1037E2F-1527-4C09-8D8D-78E56E6DDC78", "versionEndExcluding": "1.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha."}, {"lang": "es", "value": "OpenSift es una herramienta de estudio de IA que tamiza grandes conjuntos de datos utilizando b\u00fasqueda sem\u00e1ntica e IA generativa. Antes de la versi\u00f3n 1.6.3-alpha, m\u00faltiples asistentes de almacenamiento utilizaban patrones de construcci\u00f3n de rutas que no aplicaban uniformemente la contenci\u00f3n del directorio base. Esto creaba riesgo de inyecci\u00f3n de rutas en los flujos de lectura/escritura/eliminaci\u00f3n de archivos si se introduc\u00edan valores maliciosos similares a rutas. Este problema ha sido parcheado en la versi\u00f3n 1.6.3-alpha."}], "id": "CVE-2026-28676", "lastModified": "2026-03-18T13:02:04.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-06T05:16:36.270", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OpenSift/OpenSift/commit/de99b9c"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/OpenSift/OpenSift/pull/67"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Patch"], "url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.3-alpha)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenSift", "source": "cna", "vendor": "OpenSift"}, "product": "opensift", "vendor": "opensift"}], "analysis": {"en": {"generated_at": "2026-04-16T11:38:45.093275+00:00", "value": {"mitigation_remediation": ["Upgrade OpenSift to version 1.6.3\u2011alpha or later, which includes corrected path containment logic.", "Run the application under the least-privileged user account and configure file system permissions to restrict write/delete access outside the intended data directories.", "Enable detailed application and system logging for file access operations, then monitor the logs for anomalous read, write, or delete actions that could indicate exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Unauthorized file access and deletion leading to data compromise"}, "threat_synthesis": {"affected_systems": "Vulnerable versions of OpenSift prior to 1.6.3-alpha are affected. The issue arises in the OpenSift application built with Python, which uses the open-source opensift package. No specific operating system or platform pieces are limited; the flaw exists wherever the vulnerable storage helpers are used in a deployment of the affected OpenSift release.", "description_and_impact": "OpenSift, an AI research tool, incorrectly constructed file paths in its storage helpers before version 1.6.3-alpha, allowing an attacker to inject path-like values that bypassed base-directory containment checks. This flaw permits read, write, or delete operations on arbitrary files on the host filesystem. Successful exploitation would let an adversary disclose sensitive data, corrupt or erase files, and potentially gain privileges if the application process has elevated rights. The weakness is classified as CWE\u201122, a path traversal vulnerability with high potential for information compromise.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity level. EPSS is reported as less than 1\u202f%, implying that while the likelihood of public exploitation is currently low, the vulnerability remains present and could be leveraged in targeted attacks. The vendor has patched the issue in release 1.6.3\u2011alpha, but the flaw is not listed in the CISA KEV catalog, which suggests no widely disclosed exploits at present. Likely attack vectors involve supplying crafted file path parameters via the application\u2019s API or user interface, then triggering storage operations that treat those parameters unsafely."}}}}, "created": "2026-03-06T14:55:52.217584+00:00", "updated": "2026-04-16T11:45:26.266338+00:00", "vendors": ["opensift", "opensift$PRODUCT$opensift"]}