CVE-2026-28677
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Lifecycle Timeline
2Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, missing restrictions for credentialed URLs, non-standard ports, and cross-host redirects left SSRF-class abuse paths in non-localhost deployments. This issue has been patched in version 1.6.3-alpha.
Analysis
OpenSift versions prior to 1.6.3-alpha are vulnerable to server-side request forgery (SSRF) attacks through the URL ingest pipeline, which fails to properly validate credentialed URLs, non-standard ports, and cross-host redirects in non-localhost deployments. An unauthenticated remote attacker can exploit this to access internal resources and potentially exfiltrate sensitive data from the affected system. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all OpenShift instances and document current versions in use; disable the URL ingest feature if business operations permit. Within 7 days: Implement network segmentation isolating OpenShift from sensitive internal systems and credential stores; deploy WAF rules blocking suspicious URL patterns to internal IP ranges and non-standard ports. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today