CVE 8.9 HIGH

OpenSift: Persistent XSS Chat Tool Rendering_CVE-2026-27169

February 20, 2026 invoker category_cve

8.9 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Description

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim’s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.

AI Analysis

Persistent XSS vulnerability in OpenSift's chat tool rendering, allowing stored content to execute JavaScript in authenticated sessions.

Basic Information

ID CVE-2026-27169

Source GitHub_M

Published Feb 20, 2026 at 23:51

Affected Product

Vendor OpenSift

Product OpenSift

Version < 1.1.3-alpha

Affected Versions OpenSift OpenSift < 1.1.3-alpha

CWE Classification

CWE-79 CWE-116

AI Assessment

AI Score 8.9 / 10

AI Severity High

Vendor OpenSift

Product OpenSift

Version 1.1.2-alpha and below

References

{
    "lastseen": "",
    "description": "OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim\u2019s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.",
    "published": "2026-02-20T23:51:45.990Z",
    "modified": "2026-02-20T23:51:45.990Z",
    "type": "cve",
    "title": "OpenSift: Persistent XSS Chat Tool Rendering",
    "source": "GitHub_M",
    "references": "https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5\nhttps://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha",
    "id": "CVE-2026-27169",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-116"
    ],
    "cvelist": null,
    "sourceData": "OpenSift OpenSift < 1.1.3-alpha",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenSift",
    "version": "< 1.1.3-alpha",
    "vendor": "OpenSift",
    "ai_description": "Persistent XSS vulnerability in OpenSift's chat tool rendering, allowing stored content to execute JavaScript in authenticated sessions.",
    "ai_severity": "High",
    "ai_vendor": "OpenSift",
    "ai_product": "OpenSift",
    "ai_version": "1.1.2-alpha and below",
    "ai_score": 8.9
}

💭 Join the Security Discussion ❌ Cancel Reply