CVE-2026-27170

7.1 HIGH

📋 TL;DR

OpenSift versions 1.1.2-alpha and below have a server-side request forgery (SSRF) vulnerability where URL ingest functionality can be tricked into fetching resources from internal/private networks. This allows attackers to probe or access internal services from the OpenSift host. Anyone using vulnerable OpenSift versions with URL ingest enabled is affected.

💻 Affected Systems

Products:
  • OpenSift
Versions: 1.1.2-alpha and below
Operating Systems: All platforms running OpenSift
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with URL ingest functionality enabled/used.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of internal network services through credential theft, data exfiltration, or lateral movement from the OpenSift host.

🟠 Likely Case: Internal network reconnaissance, metadata harvesting, and potential access to unauthenticated internal services.

🟢 If Mitigated: Limited to public internet resources only, with no access to internal systems.

🌐 Internet-Facing: HIGH - Internet-facing OpenSift instances can be directly exploited by external attackers.
🏢 Internal Only: MEDIUM - Internal instances still vulnerable to internal attackers or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple SSRF attack requiring only URL submission capability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.3-alpha

Vendor Advisory: https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3w2r-hj5p-h6pp

Restart Required: Yes

Instructions:

1. Download v1.1.3-alpha from GitHub releases.
2. Stop the OpenSift service.
3. Replace the binary/files with the patched version.
4. Restart the OpenSift service.

🔧 Temporary Workarounds

Environment variable restriction (applies to: all)

Set OPENSIFT_ALLOW_PRIVATE_URLS=true only to allow trusted local exceptions, and with caution:

export OPENSIFT_ALLOW_PRIVATE_URLS=true

🧯 If You Can't Patch

  • Disable URL ingest functionality completely
  • Implement network segmentation to isolate OpenSift from internal networks

🔍 How to Verify

Check if Vulnerable:

Check OpenSift version and compare to affected range (≤1.1.2-alpha)

Check Version:

opensift --version or check package/installation metadata

Verify Fix Applied:

Confirm version is 1.1.3-alpha or higher and test URL ingest with internal IP addresses

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL fetch patterns
  • Requests to internal IP ranges (10.x.x.x, 172.16.x.x, 192.168.x.x; note that 172.16.x.x is only the first /16 of the 172.16.0.0/12 private block, which runs through 172.31.x.x)
  • Multiple failed fetch attempts

Network Indicators:

  • Outbound connections from OpenSift to internal services
  • Unusual port scanning patterns from OpenSift host

SIEM Query:

source="opensift" AND (url="*10.*" OR url="*172.16.*" OR url="*192.168.*")

This is a coarse starting filter: the substring match on "*10.*" also hits public hosts such as 110.x.x.x, and the query misses 172.17.x.x through 172.31.x.x, loopback, and link-local (169.254.x.x) destinations.
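As an added example (not part of this advisory or of the OpenSift project), the following Python classifies the destination of each ingest log line by parsing the URL and checking the host literal with the ipaddress module, which avoids the substring query's false positive on hosts such as 110.x and its miss of 172.17 through 172.31, link-local and loopback targets. The log format and the url= field name are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample ingest log lines in an assumed format (not real OpenSift output).
SAMPLE_LOG = """\
2026-03-01T10:00:01Z ingest url=http://example.org/report.pdf status=200
2026-03-01T10:00:02Z ingest url=http://10.0.3.7/admin status=403
2026-03-01T10:00:03Z ingest url=http://172.20.1.1:8080/ status=200
2026-03-01T10:00:04Z ingest url=http://110.25.1.9/doc.html status=200
2026-03-01T10:00:05Z ingest url=http://169.254.169.254/latest/meta-data/ status=200
2026-03-01T10:00:06Z ingest url=http://[::1]:9200/_cat/indices status=200
2026-03-01T10:00:07Z ingest url=http://user@192.168.1.5/ status=500
2026-03-01T10:00:08Z ingest url=http://2130706433/ status=200
"""

URL_FIELD = re.compile(r"url=(\S+)")  # assumed field name in the log line

def internal_reason(url):
    """Return why the URL targets an internal address, or None if it does not.
    Hostnames are reported as 'hostname': only an IP literal can be judged
    offline, so a real guard must re-check after DNS resolution (rebinding)."""
    host = urlsplit(url).hostname  # strips scheme, userinfo, port and [ ]
    if host is None:
        return "no-host"
    try:
        # A bare decimal host such as 2130706433 is 127.0.0.1 to most clients.
        ip = ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return "hostname"
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is still 10.0.0.1
    # Check the narrow classes first so the reason is as specific as possible.
    for attr in ("is_loopback", "is_link_local", "is_unspecified", "is_private"):
        if getattr(ip, attr):
            return attr[3:]  # "loopback", "link_local", "unspecified", "private"
    return None

def flag_internal_fetches(log_text):
    """Return (url, reason) for every log line whose url is an internal IP literal."""
    flagged = []
    for line in log_text.splitlines():
        m = URL_FIELD.search(line)
        if not m:
            continue
        reason = internal_reason(m.group(1))
        if reason not in (None, "hostname"):
            flagged.append((m.group(1), reason))
    return flagged
```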
