{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T21:26:50.212","vulnerabilities":[{"cve":{"id":"CVE-2026-28676","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T05:16:36.270","lastModified":"2026-03-18T13:02:04.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha."},{"lang":"es","value":"OpenSift es una herramienta de estudio de IA que tamiza grandes conjuntos de datos utilizando búsqueda semántica e IA generativa. Antes de la versión 1.6.3-alpha, múltiples asistentes de almacenamiento utilizaban patrones de construcción de rutas que no aplicaban uniformemente la contención del directorio base. Esto creaba riesgo de inyección de rutas en los flujos de lectura/escritura/eliminación de archivos si se introducían valores maliciosos similares a rutas. Este problema ha sido parcheado en la versión 1.6.3-alpha."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensift:opensift:*:*:*:*:*:python:*:*","versionEndExcluding":"1.6.3","matchCriteriaId":"D1037E2F-1527-4C09-8D8D-78E56E6DDC78"}]}]}],"references":[{"url":"https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OpenSift/OpenSift/commit/de99b9c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OpenSift/OpenSift/pull/67","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv","source":"security-advisories@github.com","tags":["Vendor Advisory","Patch"]}]}}]}