CVE-2026-27170

EPSS 0.05%
Veröffentlicht 20.02.2026 23:58:22
Zuletzt bearbeitet 23.02.2026 20:50:25
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local network resources from the OpenSift host process when ingesting attacker-controlled URLs. This issue has been fixed in version 1.1.3-alpha. To workaround when using trusted local-only exceptions, use OPENSIFT_ALLOW_PRIVATE_URLS=true with caution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensift ≫ Opensift SwPlatformpython Version < 1.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.156

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha

Product

Release Notes

https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3w2r-hj5p-h6pp

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-27170

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27170

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27170

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27170