anonhaven
Ad

CVE-2026-28676

HIGH CVSS 3.1: 8.8 EPSS 0.05%
Updated Mar 06, 2026
OpenShift
Parameter Value
CVSS 8.8 (HIGH)
Fixed In 1.6.3
Type CWE-22 (Path Traversal (Обход пути))
Vendor OpenShift
Public PoC No

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced.

This issue has been patched in version 1.6.3-alpha.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
High
Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal (Обход пути)

References 5

https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a…
security-advisories@github.com
https://github.com/OpenSift/OpenSift/commit/de99b9c
security-advisories@github.com
https://github.com/OpenSift/OpenSift/pull/67
security-advisories@github.com
https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha
security-advisories@github.com
https://github.com/OpenSift/OpenSift/security/advisories/GHSA-ww4m-c7hv-2rqv
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28677

OpenShift

8.2

CVE-2026-28675

OpenShift

5.3