Cyber Resilience

CVE-2026-27169

Severity: High
Published: 21 February 2026
Modified: 23 February 2026
KEV Added: not listed
CVSS Score v3.1: 8.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L)
EPSS Score: 0.0035 (26.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-27169 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Opensift Opensift. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The vulnerability is ranked at the 26.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27169 is a cross-site scripting (XSS) vulnerability affecting OpenSift, an AI study tool that uses semantic search and generative AI to process large datasets. Versions 1.1.2-alpha and below render untrusted user or model-generated content in chat tool UI surfaces via unsafe HTML interpolation patterns. This improper encoding (CWE-116, CWE-79) allows stored content to execute arbitrary JavaScript when viewed in authenticated sessions. The vulnerability was published on 2026-02-21 and carries a CVSS v3.1 base score of 8.9 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L).

An attacker requires low privileges (PR:L) to influence stored study, quiz, or flashcard content, such as by injecting malicious payloads via user inputs or AI-generated outputs. Exploitation occurs over the network (AV:N) with low complexity when a victim with an authenticated session views the tainted content, requiring user interaction (UI:R). Successful attacks trigger JavaScript execution in the victim's browser with changed scope (S:C), enabling high-impact actions like data exfiltration (C:H), session manipulation (I:H), or limited disruption (A:L) as the victim within the local app session.

The issue is fixed in OpenSift version 1.1.3-alpha. Mitigation details are available in the GitHub release notes at https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha and the security advisory at https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5, which practitioners should review for upgrade instructions and any interim workarounds.


Vulnerability details

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim's browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.

AI Security Analysis

AI Category
LLM Application Platforms
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai, generative ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059.007 JavaScript (Execution)
Adversaries may abuse various implementations of JavaScript for execution.
T1185 Browser Session Hijacking (Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user behaviors, and intercept information as part of various browser session hijacking techniques.
T1189 Drive-by Compromise (Initial Access)
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

Stored XSS enables arbitrary JavaScript execution in authenticated browser sessions (T1059.007), directly supporting browser session hijacking (T1185) and web session cookie theft (T1539). The web app context with user-generated tainted content also facilitates drive-by compromise against victims viewing the content (T1189).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28676 (same product: Opensift Opensift)
CVE-2026-27170 (same product: Opensift Opensift)
CVE-2026-28677 (same product: Opensift Opensift)
CVE-2026-45303 (shared CWE-79)
CVE-2026-26192 (shared CWE-79)
CVE-2026-44721 (shared CWE-79)
CVE-2026-25932 (shared CWE-116, CWE-79)
CVE-2026-26193 (shared CWE-79)
CVE-2025-5352 (shared CWE-79)
CVE-2025-50538 (shared CWE-79)

Affected Assets

Vendor: opensift
Product: opensift
Versions: ≤ 1.1.3

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-15 (Information Output Filtering) directly addresses unsafe HTML interpolation by requiring filtering of untrusted user/model content prior to rendering in UI surfaces to block XSS script execution.

Prevent: SI-10 (Information Input Validation) validates information inputs from users or AI models before storage in study/quiz/flashcard content, preventing injection of malicious XSS payloads.

Prevent: SI-2 (Flaw Remediation) ensures timely flaw remediation by applying the specific XSS fix released in OpenSift version 1.1.3-alpha.
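The following is an added example, not OpenSift code and not taken from the advisory: it shows the "unsafe HTML interpolation" pattern described in the deeper analysis next to the output-filtered form that the SI-15 control above calls for. The message shape, the function names and the sample inputs are assumptions for illustration; it runs under Node without a DOM because both renderers return markup as strings.

```javascript
// Added example (not OpenSift's code): the unsafe-interpolation pattern the
// advisory describes, next to an output-filtered renderer (SI-15 style).

// Unsafe pattern: untrusted user or model content is interpolated straight
// into HTML, so any markup stored in `content` becomes live markup when
// another authenticated user views it.
function renderMessageUnsafe(role, content) {
  return `<div class="msg ${role}">${content}</div>`;
}

// Escape a value for HTML text content and double-quoted attribute values.
// `&` is escaped first so already-escaped text is not double-encoded wrongly.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened pattern: every untrusted value is escaped for the context it lands
// in, and the CSS class comes from an allow-list rather than from input, so a
// stored role value cannot break out of the attribute either.
const ALLOWED_ROLES = new Set(['user', 'assistant', 'system']);
function renderMessageSafe(role, content) {
  const cls = ALLOWED_ROLES.has(role) ? role : 'unknown';
  return `<div class="msg ${cls}">${escapeHtml(content)}</div>`;
}

// Constructed sample inputs (assumptions, not from the advisory): a benign
// flashcard answer that legitimately contains angle brackets, and a stored
// answer carrying markup that must not become live in a viewer's session.
const SAMPLE_BENIGN = 'Use a < b, not a <= b';
const SAMPLE_TAINTED = '<img src=x onerror="alert(1)">';

// Render both samples through both renderers so the difference is visible.
function demo() {
  return {
    unsafeTainted: renderMessageUnsafe('assistant', SAMPLE_TAINTED),
    safeTainted: renderMessageSafe('assistant', SAMPLE_TAINTED),
    safeBenign: renderMessageSafe('user', SAMPLE_BENIGN),
    // A role value that is not on the allow-list falls back to 'unknown'.
    safeBadRole: renderMessageSafe('"><b>', 'x'),
  };
}

console.log(demo());
```

The benign sample shows why escaping (CWE-116's "proper encoding") rather than stripping is the right fix here: a legitimate `<` in study content is preserved for the reader as text, while the tainted sample is rendered as inert text in the same code path. A review of an application like the one described would look for every place a template or `innerHTML` assignment receives stored or model-generated text without passing through a function like `escapeHtml`.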
