CVE-2026-44730

HIGH

OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd

Title source: cna

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.

References (1)

Core 1

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-q537-qhj4-wcjx

Scores

CVSS v3 7.2

EPSS 0.0032

EPSS Percentile 23.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (3)

citeum/opencti < 6.9.7

OpenCTI-Platform/opencti < 6.9.7

pypi/pycti 0 - 6.9.7PyPI

Published May 26, 2026

Tracked Since May 26, 2026