opencti — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in opencti, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of security vulnerabilities associated with OpenCTI, the open-source cyber threat intelligence platform developed by OpenCTI. The collected data includes Common Weakness Enumerations (CWE) and Common Vulnerabilities and Exposures (CVE) entries that specifically affect various components and integrations within the OpenCTI ecosystem. The records currently cover vulnerabilities disclosed from January 2020 through the present day, ensuring a historical perspective on the product's security posture as it has evolved. By utilizing this resource, security professionals and system administrators can track the vendor's advisory history to stay informed about newly reported issues and patches. Users can also gain a deeper understanding of specific weakness classes prevalent in this type of platform, such as injection flaws or improper access controls. Furthermore, this page serves as a central repository for looking up the complete vulnerability history of the OpenCTI product, allowing teams to assess the risk exposure of their deployments. It consolidates disparate sources into a single view to facilitate faster triage and remediation efforts. This approach helps organizations prioritize their security tasks by highlighting critical issues that may impact their open-source intelligence operations. The goal is to provide transparency and clarity regarding the security landscape surrounding this popular threat intelligence software.

Vendor: OpenCTI-Platform

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-35212 | OpenCTI has XSS in the rendering of email-message observable body data | CWE-79 | - | - | 2026-06-02 |
| CVE-2026-44730 | OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd | CWE-284 | 7.2 | High | 2026-05-26 |
| CVE-2026-27960 | OpenCTI privilege escalation and unauthenticated access via default admin account | CWE-287 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-39980 | OpenCTI affected by RCE via notifier template | CWE-1336 | 9.1 | Critical | 2026-04-09 |
| CVE-2026-21886 | OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities | CWE-285 | 6.5 | Medium | 2026-03-17 |
| CVE-2026-21887 | OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature | CWE-918 | 7.7 | High | 2026-03-12 |
| CVE-2020-37044 | OpenCTI 3.3.1 - Cross Site Scripting | CWE-79 | 5.4 | Medium | 2026-01-30 |
| CVE-2020-37041 | OpenCTI 3.3.1 - Directory Traversal | CWE-22 | 7.5 | High | 2026-01-30 |
| CVE-2025-61782 | Open Redirect in OpenCTI's SAML Authentication Flow | CWE-601 | 5.4 | Medium | 2026-01-07 |
| CVE-2025-61781 | GraphQL IDOR allows authenticated user to delete workspace content of other users | CWE-285 | 7.1 | High | 2026-01-05 |
| CVE-2025-46732 | OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users | CWE-285 | 5.4 | Medium | 2025-07-18 |
| CVE-2025-26621 | OpenCTI vulnerable to Denial of Service through web hook | CWE-94 | 7.6 | High | 2025-05-19 |
| CVE-2025-24977 | OpenCTI has remote code execution and sensitive secrets exposed through web hook | CWE-94 | 9.1 | Critical | 2025-05-05 |
| CVE-2025-24887 | OpenCTI bypass of protected attribute update | CWE-284 | 6.3 | Medium | 2025-04-30 |
| CVE-2024-45805 | OpenCTI leaks support information due to inadequate access control | CWE-200 | 4.3 | Medium | 2024-12-26 |
| CVE-2024-45404 | OpenCTI's lack of Rate Limit lead to OTP brute forcing | CWE-287 | 8.1 | High | 2024-12-11 |
| CVE-2024-37155 | OpenCTI May Bypass Introspection Restriction | CWE-284 | 6.5 | Medium | 2024-11-18 |
| CVE-2024-26139 | OpenCTI Authenticated Privilege Escalation | CWE-284 | 8.3 | High | 2024-05-23 |
