PT-2026-25902 · Opencti · Opencti

Daffyspider +1 · Published 2026-03-17 · Updated 2026-03-17 · CVE-2026-21886

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.9.1

Description: OpenCTI is a platform for managing cyber threat intelligence knowledge and observables. A flaw exists in the 'IndividualDeletionDeleteMutation' GraphQL mutation, allowing the deletion of unrelated and sensitive objects, such as analysis reports. This is due to a lack of validation within the API, which fails to confirm the contextual relationship between the targeted object and the executed mutation.

Recommendations: Update to version 6.9.1 or later.
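
The missing check described above, as an added illustration (not OpenCTI code and not the 6.9.1 patch): a simplified in-memory model in which a delete mutation scoped to one entity type either trusts the supplied ID or verifies the target's type first. The store layout, IDs, type names and function names are hypothetical.

```javascript
// Added illustration: a simplified in-memory model, not OpenCTI source code.
// Store layout, IDs, type names and function names are all hypothetical.
function makeStore() {
  // Constructed sample data: one Individual and one unrelated Report.
  return new Map([
    ['individual--1', { id: 'individual--1', entity_type: 'Individual', name: 'Jane Doe' }],
    ['report--1', { id: 'report--1', entity_type: 'Report', name: 'Q1 analysis' }],
  ]);
}

// Flawed pattern: the mutation is scoped to Individuals, but the resolver
// deletes whatever object the supplied id resolves to.
function deleteIndividualUnchecked(store, id) {
  return store.delete(id);
}

// Corrected pattern: load the target first and confirm it is of the type
// this mutation is meant to operate on before deleting it.
function deleteIndividualChecked(store, id, expectedType = 'Individual') {
  const target = store.get(id);
  if (!target) throw new Error(`Object ${id} not found`);
  if (target.entity_type !== expectedType) {
    // Fail closed, and do not reveal the real type to the caller.
    throw new Error(`Object ${id} is not a valid target for this mutation`);
  }
  return store.delete(id);
}

// Runs both resolvers against fresh stores and reports what survived.
function demo() {
  const flawed = makeStore();
  deleteIndividualUnchecked(flawed, 'report--1');
  const fixed = makeStore();
  let rejected = false;
  try {
    deleteIndividualChecked(fixed, 'report--1');
  } catch (err) {
    rejected = true;
  }
  return {
    reportSurvivesUnchecked: flawed.has('report--1'),
    reportSurvivesChecked: fixed.has('report--1'),
    rejected,
    individualDeleted: deleteIndividualChecked(fixed, 'individual--1'),
  };
}

console.log(demo());
```

The same type check belongs in every type-scoped mutation that accepts a raw object ID, alongside the usual per-object permission check.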

Exploit

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-21886
GHSA-MHMX-J75V-2M6X
PYSEC-2026-117

Affected Products

Opencti