CVE-2026-28675

MEDIUM 5.3

OpenSift: Sensitive implementation details exposed via raw exception messages and token-returning endpoints

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This issue has been patched in version 1.6.3-alpha.

CWE	CWE-200 CWE-209
Vendor	opensift
Product	opensift
Published	Mar 6, 2026
Last Updated	Mar 9, 2026

Stay Ahead of the Next One

Get instant alerts for opensift opensift

Be the first to know when new medium vulnerabilities affecting opensift opensift are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected Versions

OpenSift / OpenSift

< 1.6.3-alpha

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/OpenSift/OpenSift/security/advisories/GHSA-667g-rvcj-w976 github.com: https://github.com/OpenSift/OpenSift/pull/67 github.com: https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b github.com: https://github.com/OpenSift/OpenSift/commit/de99b9c github.com: https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha