4 matches found
CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...
CVE-2026-28676
OpenSift (before version 1.6.3-alpha) has a path-construction defect in multiple storage helpers that failed to consistently enforce base-directory containment for file read/write/delete operations, creating a path-injection risk. CVSS 3.1 base score 8.8 (HIGH) with network attack vector, low att...
CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...
CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...