PT-2026-21329 · Openshift · Openshift

Mdavistffhrtporg · Published 2026-02-20 · Updated 2026-02-21 · CVE-2026-27169

CVSS v3.1: 8.9 High
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions
OpenSift versions 1.1.2-alpha and below

Description
OpenSift is an AI study tool that utilizes semantic search and generative AI to process large datasets. The application renders untrusted user and model content in its chat tool user interface using unsafe HTML interpolation, resulting in a cross-site scripting (XSS) condition. Stored content can execute JavaScript when viewed in authenticated sessions. An attacker influencing stored study, quiz, or flashcard content could trigger script execution in a victim’s browser, potentially allowing actions to be performed as that user within the application session.

Recommendations
Update to version 1.1.3-alpha or later.
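
The unsafe HTML interpolation described above, next to an output-encoding alternative, as an added example that is not OpenSift's code or its actual fix. The function names (`escapeHtml`, `html`, `renderUnsafe`, `renderSafe`) and the stored flashcard are hypothetical and constructed for illustration; the escaping covers HTML text and quoted attribute values only.

```javascript
// Added example, not taken from the OpenSift code base. All names are hypothetical.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML structure in text
// nodes and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Tagged template: the literal parts are developer-written markup,
// every interpolated value is treated as untrusted and escaped.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Unsafe pattern of the kind the advisory describes: stored user or model
// text is interpolated straight into markup, so it is parsed as HTML.
function renderUnsafe(card) {
  return `<div class="card" title="${card.title}"><p>${card.answer}</p></div>`;
}

// Same template, but each stored field is encoded before it reaches the page.
function renderSafe(card) {
  return html`<div class="card" title="${card.title}"><p>${card.answer}</p></div>`;
}

// Constructed sample: a stored flashcard whose fields contain markup.
const storedCard = {
  title: 'Week 1" data-x="1',
  answer: "<b>bold</b> & <i>model output</i>",
};

console.log("unsafe:", renderUnsafe(storedCard)); // stored markup becomes page structure
console.log("safe:  ", renderSafe(storedCard));   // stored markup is displayed as text
```

In browser code, assigning stored text through `textContent` rather than `innerHTML` avoids HTML parsing of that text altogether.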

Exploit

Fix

Improper Encoding or Escaping of Output

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-02354
CVE-2026-27169
GHSA-QRPX-7CMV-5GV5

Affected Products

Openshift