Unrated severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026

OpenSift: Sensitive implementation details exposed via raw exception messages and token-returning endpoints

CVE-2026-28675

Description

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This issue has been patched in version 1.6.3-alpha.

Affected products

Openshift/Opensiftv5
Range: < 1.6.3-alpha

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a4840bmitrex_refsource_MISC
github.com/OpenSift/OpenSift/commit/de99b9cmitrex_refsource_MISC
github.com/OpenSift/OpenSift/pull/67mitrex_refsource_MISC
github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alphamitrex_refsource_MISC
github.com/OpenSift/OpenSift/security/advisories/GHSA-667g-rvcj-w976mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000