PT-2026-37214 · Opencti · Opencti

Souadhadjiat · Published 2026-05-05 · Updated 2026-05-13 · CVE-2026-27960

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenCTI versions 6.6.0 through 6.9.12

Description: OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. An improper-authentication flaw allows an unauthenticated attacker to query the API as any existing user, including the default admin account, which is why the vector carries PR:N and the impact is rated High across confidentiality, integrity and availability.

Recommendations: Update to version 6.9.13. As a temporary workaround, disable the default admin account using the APP ADMIN EXTERNALLY MANAGED configuration setting; note that this only removes the highest-value target, it does not close the authentication bypass for the remaining users, so the upgrade is still required.
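The first triage step for this advisory is deciding whether a given instance sits inside the affected window. The helper below is an added example written for this page, not code from OpenCTI or from the advisory's author. It assumes the platform version can be read from the `version` field of the GraphQL `about` query (the `/graphql` endpoint and the shape of that response are assumptions here; the sample responses are constructed, not captured from a real server). It compares versions numerically, because a plain string comparison would misplace `6.10.x` relative to `6.9.12`, and it treats anything outside 6.6.0 through 6.9.12 as not affected, exactly as the advisory states.

```python
"""Triage helper for CVE-2026-27960: decide from OpenCTI's reported version
whether an instance falls inside the affected range 6.6.0 .. 6.9.12."""
import json
import re
from typing import Optional, Tuple

# Bounds taken from the advisory text.
AFFECTED_MIN = (6, 6, 0)    # first affected release
AFFECTED_MAX = (6, 9, 12)   # last affected release
FIXED = (6, 9, 13)          # first fixed release

# Leading 'v' and trailing pre-release suffixes ('-rc1') are tolerated.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")

# Assumed GraphQL query for reading the platform version.
ABOUT_QUERY = "{ about { version } }"


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) as integers so comparison is numeric.
    A lexical compare would rank '6.10.0' below '6.9.12'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def version_from_about_response(body: str) -> Optional[str]:
    """Extract data.about.version from a GraphQL response body, or None if
    the body is not JSON or does not carry that field."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return None
    data = doc.get("data") or {}
    about = data.get("about") or {}
    return about.get("version")


def triage(body: str) -> str:
    """Classify an instance from its about-query response body."""
    version = version_from_about_response(body)
    if version is None:
        return "unknown: response carries no about.version"
    if is_affected(version):
        return (f"VULNERABLE: {version} is within "
                f"{'.'.join(map(str, AFFECTED_MIN))}-"
                f"{'.'.join(map(str, AFFECTED_MAX))}; upgrade to "
                f"{'.'.join(map(str, FIXED))}")
    return f"not affected: {version}"


# Constructed sample responses (not captured from a real instance).
SAMPLE_AFFECTED = '{"data":{"about":{"version":"6.9.12"}}}'
SAMPLE_FIXED = '{"data":{"about":{"version":"6.9.13"}}}'
SAMPLE_OLD = '{"data":{"about":{"version":"6.5.9"}}}'
SAMPLE_BROKEN = '<html>login required</html>'


if __name__ == "__main__":
    for body in (SAMPLE_AFFECTED, SAMPLE_FIXED, SAMPLE_OLD, SAMPLE_BROKEN):
        print(triage(body))
```

To run it against a live deployment, POST `{"query": ABOUT_QUERY}` to the instance's `/graphql` endpoint and pass the response body to `triage()`; if the endpoint refuses to answer without credentials, fall back to the version shown in the platform's settings page or the container image tag.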

Tags: Fix · LPE · Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2026-27960
PYSEC-2026-119

Affected Products

Opencti