PT-2026-25009 · Opencti · Opencti

Daffyspider · Published 2026-03-12 · Updated 2026-03-12

CVE-2026-21887 · CVSS v3.1 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.8.16
Description: OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. The platform's data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). Because Axios accepts and processes absolute URLs, an attacker can make the platform issue requests to arbitrary endpoints, including internal services. The result is a semi-blind Server-Side Request Forgery (SSRF): responses may not be fully visible to the attacker, but the requests can still affect internal systems. The affected API endpoint is the data ingestion feature, which accepts URLs via the URL parameter.
Recommendations: Versions prior to 6.8.16 should be updated to version 6.8.16 or later.

SSRF

Weakness Enumeration

Related Identifiers: CVE-2026-21887, GHSA-FFM6-VVPH-G5F5, PYSEC-2026-118

Affected Products: Opencti