OpenSift, an AI study tool for dataset analysis using semantic search and generative AI, contains a path injection vulnerability in versions prior to 1.6.3-alpha. The vulnerability exists in multiple storage helpers that use path construction patterns without proper base-directory containment enforcement. This creates path-injection risks in file read/write/delete operations when malicious path-like values are introduced. The issue has been patched in version 1.6.3-alpha with proper path validation controls.