PT-2026-37214 · Opencti · Opencti
Souadhadjiat
Published: 2026-05-05 · Updated: 2026-05-05
CVE-2026-27960
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenCTI versions 6.6.0 through 6.9.12
Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. A privilege escalation issue allows unauthenticated attackers to query the API as any existing user, including the default admin account.
Recommendations
Update to version 6.9.13.
As a temporary workaround, disable the default admin using the APP ADMIN EXTERNALLY MANAGED configuration.
Tags: Fix · LPE · Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products: Opencti