PT-2026-21330 · Openshift · Openshift

Mdavistffhrtporg · Published 2026-02-20 · Updated 2026-02-21 · CVE-2026-27170

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OpenSift versions 1.1.2-alpha and below

Description

OpenSift is an AI study tool that uses semantic search and generative AI to process large datasets. The URL ingest feature in versions 1.1.2-alpha and earlier exhibits overly permissive server-side fetch behavior, potentially allowing requests to unsafe targets. When OpenSift processes attacker-controlled URLs, this can lead to probing of private or local network resources from the OpenSift host process. The API endpoint responsible for URL ingestion is susceptible to this issue. The vulnerable parameter is the URL itself, which is used in a server-side fetch operation.

Recommendations

Update to version 1.1.3-alpha or later. If using trusted local-only exceptions, use OPENSIFT_ALLOW_PRIVATE_URLS=true with caution.

Exploit

Fix

RCE

SSRF


Weakness Enumeration

Related Identifiers

CVE-2026-27170
GHSA-3W2R-HJ5P-H6PP

Affected Products

Openshift