CVE-2026-27169
OpenSift: Persistent XSS Chat Tool Rendering
CVSS Score
8.9
EPSS Score
0.0%
EPSS Percentile
0th
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victimβs browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.
| CWE | CWE-79 CWE-116 |
| Vendor | opensift |
| Product | opensift |
| Published | Feb 20, 2026 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for opensift opensift
Be the first to know when new high vulnerabilities affecting opensift opensift are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low
Affected Versions
OpenSift / OpenSift
< 1.1.3-alpha