CVE-2026-27170
Published: 21 February 2026
Summary
CVE-2026-27170 is a high-severity Improper Input Validation (CWE-20) vulnerability in OpenSift. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046). It ranks at the 21.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-27170 affects OpenSift, an AI study tool that processes large datasets via semantic search and generative AI. In versions 1.1.2-alpha and prior, the URL ingest feature exhibits overly permissive server-side fetch behavior, allowing coercion into requesting unsafe targets. This enables potential access or probing of private or local network resources directly from the OpenSift host process when processing attacker-controlled URLs. The vulnerability is classified under CWE-20 (Improper Input Validation) and CWE-918 (Server-Side Request Forgery), with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).
An attacker with low privileges, such as an authenticated user, can exploit this over the network with low complexity and no user interaction required. By supplying malicious URLs during ingestion, they can compel the OpenSift server to fetch resources from internal private networks or local services, achieving high confidentiality impact through unauthorized data access or reconnaissance, alongside low integrity impact.
The issue is addressed in OpenSift version 1.1.3-alpha, and practitioners should upgrade immediately. For trusted local-only exceptions, the advisory's workaround is to set the environment variable OPENSIFT_ALLOW_PRIVATE_URLS=true, with caution. Additional details are available in the GitHub release notes at https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha and the security advisory at https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3w2r-hj5p-h6pp.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7745
Vulnerability details
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local network resources from the OpenSift host process when ingesting attacker-controlled URLs. This issue has been fixed in version 1.1.3-alpha. To work around when using trusted local-only exceptions, use OPENSIFT_ALLOW_PRIVATE_URLS=true with caution.
- CWE(s): CWE-20, CWE-918
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai, generative ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSRF (CWE-918) directly enables internal network probing and reconnaissance of private/local services and systems from the server process, mapping to network/system discovery techniques.
Mitigating Controls (NIST 800-53 r5)
Directly enforces validation of URL inputs during ingest to reject malformed or unsafe targets that enable SSRF to private resources.
Enforces information flow policies that block the server-side fetch of attacker-supplied URLs from reaching internal or private network destinations.
Applies boundary controls and monitoring on outbound connections from the OpenSift host to limit or detect SSRF-driven access to local network resources.
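The destination check that the input-validation and information-flow controls above describe, as an added example. It is not OpenSift's code or the 1.1.3-alpha fix. The function names and the `allow_private` parameter are hypothetical; `allow_private` only stands in for a trusted local-only exception of the kind the advisory mentions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host, port):
    """Return every IP address the host name resolves to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public_ip(addr):
    """True only for globally routable, non-multicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return ip.is_global and not ip.is_multicast


def check_ingest_url(url, allow_private=False, resolve=_resolve):
    """Return the vetted IPs for url, or raise ValueError.

    allow_private is a hypothetical opt-in (assumption, not the project's
    API); resolve is injectable so the check can be tested offline.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addrs = resolve(parts.hostname, port)
    if not addrs:
        raise ValueError("host did not resolve")
    # Every resolved address must pass: one private record rejects the URL.
    if not allow_private:
        for addr in addrs:
            if not is_public_ip(addr):
                raise ValueError(f"non-public destination: {addr}")
    return addrs
```

The fetch should then connect to one of the returned addresses rather than resolving the name a second time, and each redirect target needs the same check before it is followed.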