
4 matches found

NVD
added 2026/03/06 5:16 a.m., 2 views

CVE-2026-28676

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

CVSS 8.8, EPSS 0.0043
Exploits: 0, References: 5
CVE
added 2026/03/06 4:23 a.m., 9 views

CVE-2026-28677

OpenSift prior to v1.6.3-alpha exposed an SSRF vulnerability in the URL ingest pipeline due to incomplete destination restrictions on user-controlled URLs. In non-localhost deployments, credentialed URLs, non-standard ports, and cross-host redirects created abuse paths. The issue has been patched...

CVSS 8.2, AI score 5.9, EPSS 0.00298
Exploits: 0, References: 5, Affected Software: 1
Vulnrichment
added 2026/03/06 4:23 a.m., 2 views

CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

CVSS 8.8, AI score 5.7, EPSS 0.0043
Exploits: 0, References: 5
CVE
added 2026/02/21 12:1 a.m., 12 views

CVE-2026-27189

OpenSift: A race-prone local persistence issue in versions ≤ 1.1.2-alpha due to non-atomic and insufficiently synchronized JSON persistence flows. This can cause concurrent operations to lose updates or corrupt local state across sessions (study/quiz/flashcard/wellness/auth stores). The vulnerabi...

CVSS 6.6, AI score 5.5, EPSS 0.00112
Exploits: 0, References: 2, Affected Software: 1