CVE-2026-44730

CVSS Score & Metrics

Base Score

7.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.

Vulnerability Details

Published Date

May 26, 2026

Last Modified

May 26, 2026

CWE ID

CWE-284

Source

NVD

Vendor

OpenCTI-Platform

Product

opencti

External References

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-q537-qhj4-wcjx

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment