Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, missing restrictions for credentialed URLs, non-standard ports, and cross-host redirects left SSRF-class abuse paths in non-localhost deployments. This issue has been patched in version 1.6.3-alpha.
Published: 2026-03-06
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Internal network access via insecure URL ingestion (SSRF)-style exploit
Action: Immediate Patch
AI Analysis

Impact

The ingest pipeline in OpenSift accepts user-provided URLs without adequate destination validation. Private/local host checks are present, but restrictions for credentialed URLs, non-standard ports, and cross-host redirects are missing. This creates SSRF-style abuse paths that can allow an attacker to reach internal resources, exposing confidential data or enabling further compromise. The vulnerability is classified as CWE‑918, reflecting a lack of proper access control for remote resources.

Affected Systems

OpenSift – any instance running a version earlier than 1.6.3‑alpha. The affected code is part of the URL ingest pipeline used by the OpenSift AI study tool. The fix is implemented in release v1.6.3‑alpha.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.2, indicating high severity. Its EPSS score is below 1%, implying a very low probability of exploitation at this time, and it is not listed in the CISA KEV catalog. Nevertheless, the attack can be executed by any user able to submit ingestion requests, using specially crafted URLs that bypass the incomplete destination checks and reach services on internal addresses, potentially exposing internal data or facilitating further lateral movement.

Generated by OpenCVE AI on April 17, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenSift to version 1.6.3‑alpha or newer, which corrects the URL destination validation.
  • If upgrading is not immediately possible, restrict user access to the ingest API to trusted users or implement outbound ACLs that block non‑localhost destinations.
  • Monitor ingestion logs for outbound requests to internal addresses and investigate any that appear suspicious.

Generated by OpenCVE AI on April 17, 2026 at 12:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:opensift:opensift:*:*:*:*:*:python:*:*

Fri, 06 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Opensift
Opensift opensift
Vendors & Products Opensift
Opensift opensift

Fri, 06 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, missing restrictions for credentialed URLs, non-standard ports, and cross-host redirects left SSRF-class abuse paths in non-localhost deployments. This issue has been patched in version 1.6.3-alpha.
Title OpenSift: Insufficient URL destination restrictions in ingest flow could enable SSRF-style internal access
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L'}

Subscriptions

Opensift Opensift
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-06T16:07:38.831Z

Reserved: 2026-03-02T21:43:19.926Z

Link: CVE-2026-28677

cve-icon Vulnrichment

Updated: 2026-03-06T16:00:18.725Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-06T05:16:36.610

Modified: 2026-03-18T12:59:04.400

Link: CVE-2026-28677

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T12:30:06Z

Weaknesses