top of page
perceptive_background_267k.jpg

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege esca…

Published:

4 mei 2026 om 22:00:00

Alert date:

5 mei 2026 om 20:13:49

Source:

nvd.nist.gov

Click to open the original link from this advisory

Security Tools

OpenCTI, an open source cyber threat intelligence platform, contains a privilege escalation vulnerability in versions 6.6.0 through 6.9.12. The vulnerability allows unauthenticated attackers to query the API as any existing user, including the default admin account. This represents a critical security flaw that could lead to complete system compromise. The issue has been patched in version 6.9.13. A workaround is available by disabling the default admin using the APP__ADMIN__EXTERNALLY_MANAGED configuration setting.

Technical details

Mitigation steps:

Affected products:

OpenCTI

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-27960
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-6vvv-vmfr-xhrx

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page