PT-2026-23643 · Openshift · Openshift

Mdavistffhrtporg · Published 2026-03-06 · Updated 2026-03-11 · CVE-2026-28676

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenSift versions prior to 1.6.3-alpha

Description

OpenSift is an AI study tool that uses semantic search and generative AI to process large datasets. Versions of OpenSift prior to 1.6.3-alpha had path-injection risks in file read, write, and delete operations due to inconsistent base-directory containment enforcement in multiple storage helpers. This could allow malicious path-like values to be introduced, potentially leading to unauthorized file system access.

Recommendations

Update to version 1.6.3-alpha or later.
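
The base-directory containment check the description refers to, shown as an added example that is not OpenSift's code and not part of the original advisory: a single resolver shared by the read, write and delete helpers, run against constructed inputs. The names `resolve_inside`, `read_item`, `write_item`, `delete_item` and the storage layout are hypothetical.

```python
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """A caller-supplied value resolved outside the storage root."""


def resolve_inside(base: Path, user_value: str) -> Path:
    """Hypothetical shared helper: resolve user_value under base or raise."""
    root = base.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks; an absolute user_value
    # replaces root in the join. Both cases fail the containment test below.
    candidate = (root / user_value).resolve()
    if candidate == root or not candidate.is_relative_to(root):
        raise PathEscapeError(f"{user_value!r} resolves outside {root}")
    return candidate


# Read, write and delete share one resolver, so no operation skips the check.
def read_item(base: Path, name: str) -> bytes:
    return resolve_inside(base, name).read_bytes()


def write_item(base: Path, name: str, data: bytes) -> None:
    target = resolve_inside(base, name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)


def delete_item(base: Path, name: str) -> None:
    resolve_inside(base, name).unlink()


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        base, outside = Path(tmp) / "store", Path(tmp) / "secret.txt"
        base.mkdir()
        outside.write_text("constructed sample")  # file outside the root
        (base / "link").symlink_to(outside)
        write_item(base, "notes/a.txt", b"ok")
        results = {"read": read_item(base, "notes/a.txt")}
        bad = {"dotdot": "../secret.txt", "absolute": str(outside), "symlink": "link"}
        for label, value in bad.items():  # constructed path-like values
            try:
                delete_item(base, value)
                results[label] = "allowed"
            except PathEscapeError:
                results[label] = "rejected"
    return results
```

Resolving and then opening is two steps, so this check assumes only the application can create entries inside the storage root. It requires Python 3.9 or later for `Path.is_relative_to`.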

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-28676
GHSA-WW4M-C7HV-2RQV

Affected Products

Openshift