CVE-2026-28676
Path Injection Vulnerability in OpenSift Storage Helpers

Publication date: 2026-03-06

Last updated on: 2026-03-18

Assigner: GitHub, Inc.

Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-03-06
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: opensift
Product: opensift
Version / Range: up to 1.6.3 (excluding)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Executive Summary

CVE-2026-28676 is a high-severity vulnerability in OpenSift, an AI study tool, caused by insufficient enforcement of base-directory containment in multiple storage helper modules. This flaw allows attackers to inject malicious path-like values that bypass directory restrictions, enabling unauthorized file read, write, or delete operations outside the intended storage directories.

The vulnerability is a form of path traversal (CWE-22), where special path elements like "../" are not properly neutralized, allowing attackers to escape restricted directories.

It affects versions prior to 1.6.3-alpha and was patched by updating backend modules to consistently enforce scoped base directories. [1]

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive data, unauthorized modification of files, and potential disruption of service.

  • Attackers can read confidential files outside the intended directories, compromising confidentiality.
  • Attackers can modify or delete files, affecting data integrity and availability.
  • The vulnerability can be exploited remotely with low complexity and without user interaction, increasing the risk.
Detection Guidance

This vulnerability involves path traversal risks in OpenSift storage helper modules due to insufficient path containment checks. Detection can focus on identifying unauthorized file read, write, or delete operations outside the intended OpenSift storage directories.

You can monitor filesystem access logs or audit logs for suspicious file operations involving path traversal patterns such as "../" sequences in file paths related to OpenSift directories.

Suggested commands include:

  • Using grep to find suspicious path usage in logs: grep -r '\.\./' /path/to/opensift/logs
  • Using auditd to monitor file access outside expected directories by setting audit rules on OpenSift storage directories.
  • Checking the running OpenSift version to confirm whether it is vulnerable: python3 -c "import opensift; print(opensift.__version__)"
  • Reviewing source code or runtime modules (flashcard_store.py, quiz_store.py, session_store.py, source_store.py, ui_app.py) for path construction patterns that do not enforce base-directory containment. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading OpenSift to version 1.6.3-alpha or later, where the vulnerability has been patched by enforcing scoped base directories in all storage helper modules.

Additionally, restrict filesystem permissions on runtime directories used by OpenSift to prevent unauthorized file operations.

Avoid importing untrusted manifests or metadata that could contain malicious path-like values.
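As an added illustration of the scoped-base-directory check the fix describes (constructed example code, not OpenSift's own storage helpers; the names unsafe_join, resolve_within and ScopedStore are assumptions), the weak join pattern is shown beside a helper that resolves every requested path and refuses anything that lands outside its base:

```python
import os
from pathlib import Path

# Constructed example of a scoped storage helper. Not OpenSift's own code.

class PathEscapeError(ValueError):
    """Raised when a requested name would resolve outside the base directory."""

def unsafe_join(base, name: str) -> str:
    # The weak pattern: a plain join. An absolute 'name' discards 'base'
    # entirely, and '../' segments walk out of it after normalisation.
    return os.path.join(base, name)

def resolve_within(base, name: str) -> Path:
    # Hardened form: resolve both paths (following symlinks), then require
    # the candidate to be the base itself or to sit underneath it.
    base_dir = Path(base).resolve()
    candidate = (base_dir / name).resolve()
    if candidate != base_dir and base_dir not in candidate.parents:
        raise PathEscapeError(f"{name!r} resolves outside {base_dir}")
    return candidate

class ScopedStore:
    """Read/write/delete helper whose every path goes through resolve_within."""
    def __init__(self, base):
        self.base = Path(base).resolve()
        self.base.mkdir(parents=True, exist_ok=True)
    def write(self, name: str, data: bytes) -> Path:
        p = resolve_within(self.base, name)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        return p
    def read(self, name: str) -> bytes:
        return resolve_within(self.base, name).read_bytes()
    def delete(self, name: str) -> None:
        resolve_within(self.base, name).unlink()

def escapes(base, name: str) -> bool:
    """True when 'name' would leave 'base'; False when it stays contained."""
    try:
        resolve_within(base, name)
        return False
    except PathEscapeError:
        return True

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        store = ScopedStore(os.path.join(d, "sessions"))
        store.write("abc/notes.json", b"{}")
        print(store.read("abc/notes.json"))
        for bad in ("../../etc/passwd", "/etc/passwd", "x/../../secret"):
            print(bad, "->", "blocked" if escapes(store.base, bad) else "allowed")
```

Because both sides are resolved before comparison, a symlink planted inside the base that points elsewhere is also rejected, which a string-prefix check on the unresolved path would miss.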
