CVE-2026-27960 | OpenCTI is an open source platform for managing cyber threat… | CVSS 9.8 CRITICAL

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration.

Metadata

CVE ID: CVE-2026-27960
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-02-25 03:24 UTC
Published: 2026-05-05 18:35 UTC
Last updated: 2026-05-06 15:17 UTC
Primary CWE: CWE-287
CWE-287: Improper Authentication
Vendor / Product: OpenCTI-Platform / opencti
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
OpenCTI-Platform	opencti	—	>= 6.6.0, < 6.9.13

Weakness (CWE)

CWE	Source	Description
CWE-287	cna	CWE-287: Improper Authentication

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-6vvv-vmfr-xhrx https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-6vvv-vmfr-xhrx