CVE-2026-27169 | HIGH 8.9 | EPSS percentile 26.4%

CVE-2026-27169

Description

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim’s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.

Scoring

CVSS 3.1: 8.9 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
EPSS: 0.35% probability of exploitation · percentile 26.4% · 2026-06-18T12:00:27Z
Published: 2026-02-21
Last modified: 2026-02-23

Underlying weaknesses (2)

CWE-79, CWE-116

References

  1. https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha
  2. https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5


Type      Target                                                                                  Confidence  Tier
Weakness  Improper Encoding or Escaping of Output (cwe-116)                                       0%          live
Weakness  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79)  0%    live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-28677
  2. CVE: CVE-2026-28676
  3. CVE: CVE-2026-11326
  4. CVE: CVE-2026-43900
  5. CVE: CVE-2025-26210
  6. CVE: CVE-2026-25688

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.