CRITICAL🇵🇱 Wersja polska

CVE-2026-27960

CVSS 9.8v3.1pub. 2026-05-05upd. 2026-05-12

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration.

🤖 AI Analysis
How it works

The vulnerability, classified as CWE-287 (improper authentication), causes the user identity verification mechanism to be bypassed without providing any credentials. An unauthenticated attacker can impersonate any account in the system, including the default administrator account, and send API requests on its behalf to the OpenCTI platform. The exploit does not require victim interaction or special network privileges.

Impact

The attacker gains full access to the OpenCTI platform API with the privileges of the chosen user. In the case of an administrator account, this means the ability to read, modify, and delete all threat intelligence data, as well as potential takeover of full platform control.

Mitigation & patch

OpenCTI must be updated to version 6.9.13, in which the vulnerability has been fixed. As a temporary workaround, the default administrator account can be disabled by setting the configuration option `APP__ADMIN__EXTERNALLY_MANAGED` to a value corresponding to disabling this account.

Who is affected

OpenCTI versions 6.6.0 to 6.9.12 inclusive

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Citeum Opencti

    APP
    Citeum
    6.9.0 – 6.9.13 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassLPE
CWE
References

Related vulnerabilities

CVE-2026-39980CRITICAL9.1PL ✓ten sam produkt

OpenCTI: Wykonanie dowolnego kodu JS przez niesanityzowane szablony EJS

CVE-2025-24977CRITICAL9.1PL ✓ten sam produkt

OpenCTI: RCE przez nadużycie web-hooków przez uprzywilejowanego użytkownika

CVE-2026-44730HIGH7.2ten sam produkt

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to ...

CVE-2026-21887HIGH7.7ten sam produkt

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to ...

CVE-2020-37041HIGH7.1ten sam produkt

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated at...