Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

OpenCTI-Platform — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting OpenCTI-Platform. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenCTI-Platform serves as an open-source threat intelligence platform enabling organizations to collect, process, and share cyber threat data. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with 14 CVEs documented. The platform's REST API and web interface have been primary attack vectors, often stemming from insufficient input validation and access control weaknesses. While no major public security incidents have been widely reported, the consistent discovery of critical vulnerabilities underscores the need for rigorous patch management and secure configuration practices in production deployments.

Top products by OpenCTI-Platform: opencti
CVE IDTitleCVSSSeverityPublished
CVE-2026-27960 OpenCTI privilege escalation and unauthenticated access via default admin account — openctiCWE-287 9.8 Critical2026-05-05
CVE-2026-39980 OpenCTI affected by RCE via notifier template — openctiCWE-1336 9.1 Critical2026-04-09
CVE-2026-21886 OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities — openctiCWE-285 6.5 Medium2026-03-17
CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature — openctiCWE-918 7.7 High2026-03-12
CVE-2025-61782 Open Redirect in OpenCTI's SAML Authentication Flow — openctiCWE-601 5.4 Medium2026-01-07
CVE-2025-61781 GraphQL IDOR allows authenticated user to delete workspace content of other users — openctiCWE-285 7.1 High2026-01-05
CVE-2025-46732 OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users — openctiCWE-285 5.4 Medium2025-07-18
CVE-2025-26621 OpenCTI vulnerable to Denial of Service through web hook — openctiCWE-94 7.6 High2025-05-19
CVE-2025-24977 OpenCTI has remote code execution and sensitive secrets exposed through web hook — openctiCWE-94 9.1 Critical2025-05-05
CVE-2025-24887 OpenCTI bypass of protected attribute update — openctiCWE-284 6.3 Medium2025-04-30
CVE-2024-45805 OpenCTI leaks support information due to inadequate access control — openctiCWE-200 4.3 Medium2024-12-26
CVE-2024-45404 OpenCTI's lack of Rate Limit lead to OTP brute forcing — openctiCWE-287 8.1 High2024-12-11
CVE-2024-37155 OpenCTI May Bypass Introspection Restriction — openctiCWE-284 6.5 Medium2024-11-18
CVE-2024-26139 OpenCTI Authenticated Privilege Escalation — openctiCWE-284 8.3 High2024-05-23

This page lists every published CVE security advisory associated with OpenCTI-Platform. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.