PT-2026-5481 · Opencti+1
Published 2026-01-30 · Updated 2026-02-13 · CVE-2020-37041
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenCTI version 3.3.1
Description
OpenCTI version 3.3.1 is susceptible to a directory traversal issue through the static/css endpoint. An unauthenticated attacker can access arbitrary files on the filesystem by submitting specially crafted GET requests containing path traversal sequences (e.g., '../') within the URL. For example, a request to the /static/css//../../../../../../../../etc/passwd endpoint can reveal the contents of the /etc/passwd file. The issue was identified by Raif Berkay Dincel and verified on Linux Mint and Windows 10 operating systems.
Recommendations
OpenCTI version 3.3.1: Restrict access to the static/css endpoint to prevent unauthenticated access.
Exploit
Fix
Path traversal
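The traversal in the description works when a static-file handler joins the request path onto its asset directory and never checks where the result lands. The following is an added example, not OpenCTI's code and not part of this advisory: it contrasts that pattern with a containment check in Node.js, and the root directory `STATIC_ROOT` and both function names are assumptions made for illustration.

```javascript
const path = require("node:path");

// Assumed asset directory (hypothetical, not taken from OpenCTI).
const STATIC_ROOT = "/opt/app/public/static";

// Vulnerable pattern: the URL path is joined onto the root and trusted as-is.
// path.posix is used throughout so results are the same on every platform.
function resolveNaive(urlPath) {
  return path.posix.join(STATIC_ROOT, urlPath.replace(/^\/static/, ""));
}

// Hardened pattern: decode once, resolve, then require the result to stay
// strictly below STATIC_ROOT. Returns the file path, or null to refuse.
function resolveSafe(urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch {
    return null; // malformed percent-encoding
  }
  // NUL bytes and backslashes have no place in a static asset URL;
  // backslashes act as separators on Windows hosts.
  if (decoded.includes("\0") || decoded.includes("\\")) return null;
  if (!decoded.startsWith("/static/")) return null;

  const candidate = path.posix.resolve(
    STATIC_ROOT,
    "." + decoded.slice("/static".length)
  );
  const rel = path.posix.relative(STATIC_ROOT, candidate);
  // An empty result is the root itself; ".." or "../x" is outside it.
  if (rel === "" || rel === ".." || rel.startsWith("../")) return null;
  return candidate;
}

// Request path quoted in the description above.
const REPORTED = "/static/css//../../../../../../../../etc/passwd";
console.log(resolveNaive(REPORTED)); // path the naive handler would open
console.log(resolveSafe(REPORTED)); // refused
console.log(resolveSafe("/static/css/main.css")); // served
```

The same containment check belongs in front of any handler that maps URL paths to files, whether or not the endpoint requires authentication.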
Affected Products
Opencti
Windows 10