Platform: python
Component: opensift
Fixed in: 1.1.4
CVE-2026-27170 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in OpenSift, an AI study tool. This vulnerability allows attackers to potentially access and probe private or local network resources from the OpenSift host process by crafting malicious URLs. The vulnerability affects versions 1.1.2-alpha and earlier, and has been resolved in version 1.1.3-alpha.
The SSRF vulnerability in OpenSift allows an attacker to manipulate the tool into making requests to unintended internal resources. By providing attacker-controlled URLs during the ingest process, an attacker can potentially access sensitive data or internal services that are not publicly exposed. This could include probing internal APIs, accessing configuration files, or even attempting to interact with other systems on the network. The blast radius extends to any internal resources accessible from the OpenSift host, potentially compromising the confidentiality and integrity of those systems.
This vulnerability was publicly disclosed on 2026-02-20. There are currently no known public proof-of-concept exploits available. The vulnerability's severity is rated as HIGH due to the potential for accessing internal resources. It is not currently listed on the CISA KEV catalog.
Organizations utilizing OpenSift for AI-powered data analysis, particularly those with sensitive data residing on internal networks, are at risk. Environments where OpenSift is configured to ingest URLs from untrusted sources are especially vulnerable. Shared hosting environments where OpenSift instances share the same network namespace also face increased risk.
• python / server:
  # Check for suspicious outbound requests in OpenSift logs
  grep -i 'https://' /var/log/opensift/access.log | grep -i 'internal.network'
• generic web:
  # Check for unexpected outbound connections using netstat (established TCP sockets with owning PIDs; -l would list only listening sockets)
  netstat -tnp | grep -i 'internal.network'
Disclosure:
Exploit status:
EPSS: 0.05% (16th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-27170 is to upgrade to OpenSift version 1.1.3-alpha or later, which includes the fix for this vulnerability. If upgrading is not immediately feasible, a temporary workaround is to set the environment variable OPENSIFT_ALLOW_PRIVATE_URLS=true. However, this should be done with extreme caution, as it increases the risk of unintended access to internal resources. Carefully review and restrict the URLs that OpenSift is allowed to ingest. Consider implementing network segmentation to limit the potential impact of a successful SSRF attack.
Update OpenSift to version 1.1.3-alpha or higher. If an immediate update is not possible, use the option OPENSIFT_ALLOW_PRIVATE_URLS=true with caution and only if you trust the local exceptions.
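The advisory recommends restricting which URLs the ingest step may fetch and gives two log/socket checks for spotting requests to internal addresses. The following is an added example, not OpenSift's own code: an ingest-URL guard that rejects loopback, link-local and RFC 1918 targets (resolving hostnames first, so a public-looking name that points at an internal address is caught too), plus a scanner that applies the same rule to access-log lines. The log format, the `OPENSIFT_ALLOW_PRIVATE_URLS` semantics, and the hostnames and addresses in the sample data are assumptions constructed for illustration.

```python
import ipaddress
import os
import re
import socket
from urllib.parse import urlparse

# Assumption: a gate named like the advisory's workaround variable. Real OpenSift
# semantics are not documented on the page; here "true" disables the private-address check.
ALLOW_PRIVATE = os.environ.get("OPENSIFT_ALLOW_PRIVATE_URLS", "false").lower() == "true"

ALLOWED_SCHEMES = {"http", "https"}  # no file://, gopher://, ftp:// etc. from ingest input


def is_private_ip(ip_str: str) -> bool:
    """True for loopback, link-local, RFC 1918/ULA, reserved, multicast and unspecified addresses."""
    ip = ipaddress.ip_address(ip_str)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def resolve_all(host: str) -> list[str]:
    """Resolve every A/AAAA record so a name with one internal answer is still rejected."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_ingest_url(url: str, resolver=resolve_all,
                     allow_private: bool = ALLOW_PRIVATE) -> tuple[bool, str]:
    """Return (ok, reason). Call before any fetch of an attacker-supplied ingest URL."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    try:
        # Literal IP in the URL (127.0.0.1, [::1], 10.x ...): check it directly.
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        ips = resolver(host)
        if not ips:
            return False, f"host {host!r} does not resolve"
    for ip in ips:
        if is_private_ip(ip) and not allow_private:
            return False, f"{host} -> {ip} is a private/local address"
    return True, "ok"


# Constructed sample log lines in an assumed "url=<target>" format.
SAMPLE_LOG = [
    "2026-02-21T10:00:01Z ingest url=https://example.org/paper.pdf status=200",
    "2026-02-21T10:00:07Z ingest url=http://intranet.local/config.json status=200",
    "2026-02-21T10:00:09Z ingest url=http://127.0.0.1:8080/admin status=403",
]

# Constructed DNS answers so the example runs offline (intranet.local -> RFC 1918 address).
FAKE_DNS = {"example.org": ["93.184.216.34"], "intranet.local": ["10.0.0.5"]}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


LOG_URL_RE = re.compile(r"url=(\S+)")


def flag_private_ingests(lines, resolver=resolve_all) -> list[tuple[str, str]]:
    """Scan log lines and return (url, reason) for every fetch that targeted an internal address."""
    flagged = []
    for line in lines:
        m = LOG_URL_RE.search(line)
        if not m:
            continue
        ok, reason = check_ingest_url(m.group(1), resolver=resolver, allow_private=False)
        if not ok:
            flagged.append((m.group(1), reason))
    return flagged


if __name__ == "__main__":
    for url, reason in flag_private_ingests(SAMPLE_LOG, resolver=fake_resolver):
        print(f"FLAGGED {url}: {reason}")
```

One caveat for the guard: validating and then fetching in two separate steps leaves a DNS-rebinding window, so a production fetcher should connect to the address it validated (pin the resolved IP) and re-check on every redirect, not only on the first URL.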
CVE-2026-27170 is a Server-Side Request Forgery (SSRF) vulnerability in OpenSift versions 1.1.2-alpha and earlier, allowing attackers to probe internal network resources via malicious URLs.
You are affected if you are using OpenSift versions 1.1.2-alpha or earlier. Upgrade to 1.1.3-alpha to resolve the vulnerability.
Upgrade OpenSift to version 1.1.3-alpha. As a temporary workaround, set OPENSIFT_ALLOW_PRIVATE_URLS=true with caution.
While no active exploitation has been confirmed, the SSRF nature of the vulnerability makes it a potential target for attackers.
Refer to the OpenSift project's official security advisories for the latest information and updates regarding CVE-2026-27170.