CVE-2026-28677

Name of the Vulnerable Software and Affected Versions OpenSift versions prior to 1.6.3-alpha

Description OpenSift is an AI study tool that uses semantic search and generative AI to process large datasets. The URL ingest pipeline had insufficient restrictions on user-controlled remote URLs, creating potential Server-Side Request Forgery (SSRF) vulnerabilities in deployments that are not limited to localhost. Specifically, the pipeline lacked restrictions for credentialed URLs, non-standard ports, and cross-host redirects, despite having some private/local host checks. The issue was addressed in version 1.6.3-alpha.

Recommendations Update to version 1.6.3-alpha or later.