CVE-2026-27960
CRITICAL
OpenCTI privilege escalation and unauthenticated access via default admin account
Title source: CNA
Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-27960. PoCs published by ByteWraith1.
Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration.
Exploits (1)
References (1)
Core References (1)
x_refsource_confirm
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-6vvv-vmfr-xhrx
Scores
CVSS v3
9.8
EPSS
0.0012
EPSS Percentile
31.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (2)
citeum/opencti
6.9.0 - 6.9.13
OpenCTI-Platform/opencti
>= 6.6.0, < 6.9.13
Published
May 05, 2026
Tracked Since
May 06, 2026