
OpenSift Exposes Sensitive Information to Users

CVE-2026-28675
Summary

Prior to version 1.6.3-alpha, some OpenSift endpoints returned raw exception strings to clients, and login token material was exposed in UI/rendered responses and in token rotation output. This could allow attackers to gain unauthorized access to user accounts or learn how the system works. Users should update to version 1.6.3-alpha or later to fix this issue.

Original description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This issue has been patched in version 1.6.3-alpha.
NVD CVSS 3.1 score: 5.3
Vulnerability type
CWE-200 Information Exposure
CWE-209
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026