CVE-2026-28676
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha.
Analysis
OpenShift versions prior to 1.6.3-alpha contain a path traversal vulnerability in multiple storage helpers that fail to properly validate directory boundaries, allowing authenticated attackers to read, write, or delete arbitrary files on the system. An attacker with valid credentials can exploit insufficient path sanitization to escape the intended base directory and access sensitive data or modify system files. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenShift instances and identify those running versions below 1.6.3-alpha; isolate affected systems from untrusted networks if possible. Within 7 days: Implement network segmentation to restrict access to OpenShift APIs; enable detailed logging and monitoring for file operation anomalies. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today