CVE-2026-28676 (GCVE-0-2026-28676)
Vulnerability from cvelistv5 – Published: 2026-03-06 04:23 – Updated: 2026-03-09 19:48
VLAI?
Title
OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations
Summary
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T19:48:09.897561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T19:48:27.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSift",
"vendor": "OpenSift",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T04:23:12.727Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv"
},
{
"name": "https://github.com/OpenSift/OpenSift/pull/67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/pull/67"
},
{
"name": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b"
},
{
"name": "https://github.com/OpenSift/OpenSift/commit/de99b9c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/commit/de99b9c"
},
{
"name": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha"
}
],
"source": {
"advisory": "GHSA-ww4m-c7hv-2rqv",
"discovery": "UNKNOWN"
},
"title": "OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28676",
"datePublished": "2026-03-06T04:23:12.727Z",
"dateReserved": "2026-03-02T21:43:19.926Z",
"dateUpdated": "2026-03-09T19:48:27.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-28676\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-06T05:16:36.270\",\"lastModified\":\"2026-03-18T13:02:04.840\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha.\"},{\"lang\":\"es\",\"value\":\"OpenSift es una herramienta de estudio de IA que tamiza grandes conjuntos de datos utilizando b\u00fasqueda sem\u00e1ntica e IA generativa. Antes de la versi\u00f3n 1.6.3-alpha, m\u00faltiples asistentes de almacenamiento utilizaban patrones de construcci\u00f3n de rutas que no aplicaban uniformemente la contenci\u00f3n del directorio base. Esto creaba riesgo de inyecci\u00f3n de rutas en los flujos de lectura/escritura/eliminaci\u00f3n de archivos si se introduc\u00edan valores maliciosos similares a rutas. Este problema ha sido parcheado en la versi\u00f3n 1.6.3-alpha.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensift:opensift:*:*:*:*:*:python:*:*\",\"versionEndExcluding\":\"1.6.3\",\"matchCriteriaId\":\"D1037E2F-1527-4C09-8D8D-78E56E6DDC78\"}]}]}],\"references\":[{\"url\":\"https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OpenSift/OpenSift/commit/de99b9c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OpenSift/OpenSift/pull/67\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28676\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-09T19:48:09.897561Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-09T19:48:16.112Z\"}}], \"cna\": {\"title\": \"OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations\", \"source\": {\"advisory\": \"GHSA-ww4m-c7hv-2rqv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"OpenSift\", \"product\": \"OpenSift\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.6.3-alpha\"}]}], \"references\": [{\"url\": \"https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv\", \"name\": \"https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OpenSift/OpenSift/pull/67\", \"name\": \"https://github.com/OpenSift/OpenSift/pull/67\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b\", \"name\": \"https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenSift/OpenSift/commit/de99b9c\", \"name\": \"https://github.com/OpenSift/OpenSift/commit/de99b9c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha\", \"name\": \"https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-06T04:23:12.727Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-28676\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-09T19:48:27.645Z\", \"dateReserved\": \"2026-03-02T21:43:19.926Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-06T04:23:12.727Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…