Opencti-platform Opencti
16 CVEs affecting Opencti-platform Opencti. Latest disclosed: 2026-06-02. Critical: 3, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-27960 | Critical | 9.8 | 2026-05-05 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege esc… |
| CVE-2026-39980 | Critical | 9.1 | 2026-04-09 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sani… |
| CVE-2025-24977 | Critical | 9.1 | 2025-05-05 | OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands… |
| CVE-2024-26139 | High | 8.3 | 2024-05-23 | OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security… |
| CVE-2024-45404 | High | 8.1 | 2024-12-11 | OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attack… |
| CVE-2026-21887 | High | 7.7 | 2026-03-12 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion fea… |
| CVE-2025-26621 | High | 7.6 | 2025-05-19 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manag… |
| CVE-2026-44730 | High | 7.2 | 2026-05-26 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their p… |
| CVE-2025-61781 | High | 7.1 | 2026-01-05 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePop… |
| CVE-2026-21886 | Medium | 6.5 | 2026-03-17 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualD… |
| CVE-2024-37155 | Medium | 6.5 | 2024-11-18 | OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the rege… |
| CVE-2025-24887 | Medium | 6.3 | 2025-04-30 | OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing… |
| CVE-2026-35212 | Medium | 6.1 | 2026-06-02 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the… |
| CVE-2025-61782 | Medium | 5.4 | 2026-01-07 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exi… |
| CVE-2025-46732 | Medium | 5.4 | 2025-07-18 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQ… |
| CVE-2024-45805 | Medium | 4.3 | 2024-12-26 | OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access… |