OpenSift URL Ingestion Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in OpenSift, an AI study tool, in versions prior to 1.1.3-alpha. The issue arises from overly permissive URL ingestion that allows the application to fetch data from unsafe targets. This vulnerability could be exploited to access or probe private or local network resources from the OpenSift host process by ingesting attacker-controlled URLs.

Impact

Exploitation of this vulnerability could lead to unauthorized access or probing of private or local network resources from the OpenSift host process.

Remediation

Users are advised to upgrade to OpenSift version 1.1.3-alpha or later. For trusted local-only exceptions, the environment variable OPENSIFT_ALLOW_PRIVATE_URLS can be set to true, but this should be done with caution.
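
The kind of destination check that closes this class of SSRF, as an added example (not OpenSift's own code, and not taken from the 1.1.3-alpha fix). The function names, the injectable resolver and the way OPENSIFT_ALLOW_PRIVATE_URLS is parsed are assumptions made for illustration.

```python
import ipaddress
import os
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host, port):
    # Every address the name maps to is returned; each one must pass.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public_address(addr):
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return ip.is_global and not ip.is_multicast


def check_ingest_url(url, resolver=system_resolver, env=os.environ):
    """Return the vetted IPs for url; raise ValueError if it is rejected."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    addrs = resolver(parts.hostname, parts.port or (443 if scheme == "https" else 80))
    if not addrs:
        raise ValueError("host did not resolve")
    # Assumption: only "true" (case-insensitive) enables the exception.
    if env.get("OPENSIFT_ALLOW_PRIVATE_URLS", "").lower() != "true":
        for addr in addrs:
            if not is_public_address(addr):
                raise ValueError(f"{parts.hostname} resolves to non-public {addr}")
    return addrs


if __name__ == "__main__":
    # Constructed sample: fake DNS answers so the demo runs offline.
    fake_dns = {"docs.example": ["93.184.216.34"], "intranet.example": ["10.0.0.5"]}
    for url in ("https://docs.example/a.pdf", "http://intranet.example/admin"):
        try:
            print(url, "->", check_ingest_url(url, lambda h, p: fake_dns[h], env={}))
        except ValueError as exc:
            print(url, "-> rejected:", exc)
```

A fetcher using such a check should connect to the returned addresses rather than resolving the name a second time, and should run the check again on every redirect target.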

Added: Feb 21, 2026, 12:18 AM
Updated: Feb 21, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.4
exploitability: 4.7
remediation: 0.0
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.