CVE-2026-28677
Published: 06 March 2026
Summary
CVE-2026-28677 is a high-severity SSRF (CWE-918) vulnerability in OpenSift (vendor: OpenSift). Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 17.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related, categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates SSRF in OpenSift's URL ingest pipeline by validating user-controlled remote URLs against complete destination restrictions, blocking credentialed URLs, non-standard ports, and cross-host redirects.
- Prevents SSRF abuse by monitoring and controlling outbound communications at system boundaries, restricting OpenSift server requests to unauthorized internal destinations in non-localhost deployments.
- Enforces information flow control policies to limit server-initiated requests from the URL ingest pipeline to approved destinations, closing gaps in private/localhost checks, credentials, ports, and redirects.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSRF in OpenSift's publicly accessible URL ingest pipeline directly enables initial access through Exploit Public-Facing Application (T1190): incomplete validation of remote URLs lets an unauthenticated request force the server to contact internal destinations.
NVD Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, missing restrictions for credentialed URLs, non-standard ports, and cross-host redirects left SSRF-class abuse paths in non-localhost deployments. This issue has been patched in version 1.6.3-alpha.
Deeper analysis
CVE-2026-28677 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting OpenSift prior to version 1.6.3-alpha. OpenSift is an AI study tool that processes large datasets via semantic search and generative AI. The issue resides in the URL ingest pipeline, which accepts user-controlled remote URLs but enforces incomplete destination restrictions. Although checks for private or localhost addresses exist, gaps in handling credentialed URLs, non-standard ports, and cross-host redirects enable SSRF abuse in non-localhost deployments. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L) and was published on 2026-03-06.
Network-accessible attackers require no privileges or user interaction to exploit this flaw. By submitting crafted URLs to the ingest pipeline, they can evade restrictions and compel the server to issue requests to unintended internal destinations, such as services on non-standard ports or those requiring credentials. Successful exploitation yields high confidentiality impacts through unauthorized access to sensitive internal resources, alongside low availability effects, in affected non-localhost OpenSift instances.
Mitigation is available via upgrade to OpenSift version 1.6.3-alpha, where the issue has been patched. Supporting GitHub resources include patching commits at https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840b and https://github.com/OpenSift/OpenSift/commit/de99b9c, pull request #67, the release at https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha, and the security advisory at https://github.com/OpenSift/OpenSift/security/advisories/GHSA-5jfc-p787-2mf9.
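Added example (not OpenSift's code): a hardened URL validator that enforces the three restrictions the advisory says were missing (no userinfo, standard ports only, per-hop same-host redirect checks) on top of the existing private/localhost check. The resolver and fetcher are injectable, and the hostnames, addresses and responses at the bottom are constructed stand-ins so the code runs offline; OpenSift's real ingest code is not shown on this page.

```python
import ipaddress
import socket
from urllib.parse import urlsplit, urljoin

ALLOWED_PORTS = {80, 443}  # standard ports only

def validate_ingest_url(url, resolve=socket.gethostbyname):
    """Raise ValueError unless url passes scheme, userinfo, port and public-address checks."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentialed URL (user:pass@host) rejected")
    if not (host := parts.hostname):
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"non-standard port {port} rejected")
    try:  # IP literals are checked directly, names through the resolver
        addr = ipaddress.ip_address(host)
    except ValueError:
        try:
            addr = ipaddress.ip_address(resolve(host))
        except (socket.gaierror, ValueError) as exc:
            raise ValueError(f"unresolvable host {host!r}") from exc
    if not addr.is_global:  # loopback, RFC 1918, link-local, ...
        raise ValueError(f"{host} resolves to non-public address {addr}")
    return url

def fetch_with_redirect_checks(url, fetch, resolve=socket.gethostbyname):
    """fetch(url) -> (status, location_or_body); every hop is re-validated and must keep the first host."""
    current = validate_ingest_url(url, resolve)
    origin = urlsplit(current).hostname
    for _ in range(6):  # at most five redirects
        status, payload = fetch(current)
        if status not in (301, 302, 303, 307, 308):
            return status, payload
        target = validate_ingest_url(urljoin(current, payload), resolve)
        if urlsplit(target).hostname != origin:
            raise ValueError(f"cross-host redirect to {target!r} blocked")
        current = target
    raise ValueError("too many redirects")

# Constructed offline stand-ins for DNS and HTTP (made-up names and addresses).
FAKE_DNS = {"docs.example.com": "93.184.216.34", "cdn.example.org": "93.184.215.14",
            "intranet": "10.0.0.5"}
FAKE_WEB = {"https://docs.example.com/a": (302, "/b"),
            "https://docs.example.com/b": (200, "dataset"),
            "https://docs.example.com/cdn": (302, "https://cdn.example.org/"),
            "https://docs.example.com/hop": (302, "http://intranet/")}
```

Call `fetch_with_redirect_checks(url, FAKE_WEB.__getitem__, FAKE_DNS.get)` to exercise it offline; in production pass the real fetcher and leave the resolver at its default.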
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai, generative ai