Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-27189

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-21 Feb, 2026 | 00:01
Updated At-21 Feb, 2026 | 00:01
Rejected At-
Credits

OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state across sessions/study/quiz/flashcard/wellness/auth stores. This issue has been fixed in version 1.1.3-alpha.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:21 Feb, 2026 | 00:01
Updated At:21 Feb, 2026 | 00:01
Rejected At:
▼CVE Numbering Authority (CNA)
OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state across sessions/study/quiz/flashcard/wellness/auth stores. This issue has been fixed in version 1.1.3-alpha.

Affected Products
Vendor
OpenSift
Product
OpenSift
Versions
Affected
  • < 1.1.3-alpha
Problem Types
TypeCWE IDDescription
CWECWE-367CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWECWE-362CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Type: CWE
CWE ID: CWE-367
Description: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
Type: CWE
CWE ID: CWE-362
Description: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3pmp-j953-whxq
x_refsource_CONFIRM
https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha
x_refsource_MISC
Hyperlink: https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3pmp-j953-whxq
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha
Resource:
x_refsource_MISC
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:21 Feb, 2026 | 00:16
Updated At:21 Feb, 2026 | 00:16

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state across sessions/study/quiz/flashcard/wellness/auth stores. This issue has been fixed in version 1.1.3-alpha.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-362Primarysecurity-advisories@github.com
CWE-367Primarysecurity-advisories@github.com
CWE ID: CWE-362
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-367
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alphasecurity-advisories@github.com
N/A
https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3pmp-j953-whxqsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/OpenSift/OpenSift/security/advisories/GHSA-3pmp-j953-whxq
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2024-53016
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 5.11%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 05:52
Updated-20 Aug, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory corruption while processing I2C settings in Camera driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100pwsa8832_firmwaresnapdragon_xr2_5g_platformwsa8810_firmwarewsa8835sxr2130fastconnect_7800sdx55_firmwarewcn3660bqca6391wsa8830wsa8832sw5100fastconnect_6800wcn3988_firmwaresnapdragon_865_5g_mobile_platform_firmwareqca6426_firmwarewsa8835_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresd865_5g_firmwarewcn3660b_firmwarewcd9385wcd9385_firmwaresnapdragon_xr2_5g_platform_firmwaresxr2250psdm429wqca6426qca6436sxr2230p_firmwaresxr2250p_firmwaresnapdragon_865_5g_mobile_platformwsa8815sdm429w_firmwarewsa8810qsm8250_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)qca6436_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwarewcd9380sxr2130_firmwarefastconnect_6800_firmwaresw5100p_firmwarefastconnect_6900_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8815_firmwareqca6391_firmwaresnapdragon_429_mobile_platform_firmwaresw5100_firmwarewcn3980_firmwaresd865_5gsnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwarefastconnect_7800_firmwaresnapdragon_429_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwarewcn3620snapdragon_w5\+_gen_1_wearable_platformwcn3980wcn3988snapdragon_8_gen_1_mobile_platformfastconnect_6900wcn3620_firmwareqsm8250snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)sxr2230psdx55snapdragon_x55_5g_modem-rf_systemwcd9380_firmwarewsa8830_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-53018
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 5.11%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 05:52
Updated-20 Aug, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory corruption may occur while processing the OIS packet parser.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100psw5100p_firmwarefastconnect_6900_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8832_firmwaresnapdragon_429_mobile_platform_firmwarewsa8835sw5100_firmwarewcn3980_firmwarefastconnect_7800fastconnect_7800_firmwaresnapdragon_429_mobile_platformwcn3660bwsa8830snapdragon_w5\+_gen_1_wearable_platform_firmwarewcn3620wsa8832snapdragon_w5\+_gen_1_wearable_platformsw5100wcn3980wcn3988_firmwarewcn3988snapdragon_8_gen_1_mobile_platformwsa8835_firmwarefastconnect_6900wcn3660b_firmwarewcd9385wcd9385_firmwarewcn3620_firmwaresxr2230psxr2250psdm429wsxr2230p_firmwaresxr2250p_firmwaresdm429w_firmwarewcd9380_firmwarewsa8830_firmwarewcd9380Snapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
Details not found