CVE-2026-35210
HIGHOpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection
Title source: cnaDescription
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header, enabling attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object types including Indicators, ThreatActors, Malware, and Reports. This issue is fixed in version 7.260326.0.
References (4)
Core 4
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-36fr-4m54-94mj
X_Refsource_Misc x_refsource_misc
https://github.com/OpenCTI-Platform/opencti/pull/14243
X_Refsource_Misc x_refsource_misc
https://github.com/OpenCTI-Platform/opencti/commit/134531ddf5ecf741006b7f0870b7c36711b96540
X_Refsource_Misc x_refsource_misc
https://github.com/OpenCTI-Platform/opencti/releases/tag/7.260326.0
Scores
CVSS v3
7.1
EPSS
0.0027
EPSS Percentile
18.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
CWE-863
Status
published
Products (1)
OpenCTI-Platform/opencti
< 7.260326.0
Published
Jul 08, 2026
Tracked Since
Jul 09, 2026