
CVE-2026-27960: OpenCTI versions 6.6.0 to 6.9.12 allow unauthenticated access to admin API

CVE-2026-27960
Summary

In affected versions, OpenCTI's API can be queried without logging in, as any existing user including the default admin account, which lets an attacker view and potentially manipulate data. This is serious because it can hand an attacker administrative control over the platform. To fix it, update to version 6.9.13; as a workaround, disable the default admin account with the `APP__ADMIN__EXTERNALLY_MANAGED` configuration setting.

Original title
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be expl...
Original description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration.
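A small triage helper for fleets of OpenCTI instances, added here as an example and not taken from the advisory or the OpenCTI project. It encodes only what the advisory states (affected range 6.6.0 through 6.9.12, fix in 6.9.13, the `APP__ADMIN__EXTERNALLY_MANAGED` workaround); the assumption that the workaround counts as active when that variable is set to `true` is ours, as is the constructed inventory.

```python
"""Triage helper for CVE-2026-27960 (OpenCTI 6.6.0 through 6.9.12)."""
from typing import Dict, Tuple

AFFECTED_MIN = (6, 6, 0)
AFFECTED_MAX = (6, 9, 12)
FIXED_VERSION = (6, 9, 13)
WORKAROUND_KEY = "APP__ADMIN__EXTERNALLY_MANAGED"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v6.9.12' or '6.9.12-rc1' into (6, 9, 12); a pre-release tag is ignored."""
    core = text.strip().lstrip("v").split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3:
        raise ValueError(f"unexpected OpenCTI version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def triage(version: str, env: Dict[str, str]) -> str:
    """Classify one instance as 'not_affected', 'mitigated' or 'vulnerable'.

    'mitigated' means the version is affected but the documented workaround
    appears to be in place; upgrading to 6.9.13 is still the real fix.
    """
    if not is_affected(version):
        return "not_affected"
    # Assumption (not stated by the advisory): the workaround is considered
    # enabled when the variable is set to the string "true".
    if env.get(WORKAROUND_KEY, "").strip().lower() == "true":
        return "mitigated"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed inventory for illustration; these are not real hosts.
    inventory = {
        "cti-prod": ("6.9.12", {}),
        "cti-staging": ("6.9.12", {WORKAROUND_KEY: "true"}),
        "cti-dev": ("6.9.13", {}),
        "cti-legacy": ("6.5.9", {}),
    }
    for host, (ver, env) in inventory.items():
        print(f"{host:12} {ver:8} {triage(ver, env)}")
```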
NVD CVSS 3.1: 9.8
Vulnerability type
CWE-287 Improper Authentication
Published: 5 May 2026 · Updated: 28 May 2026 · First seen: 5 May 2026