Primary

Context

OpenCTI Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in OpenCTI version 3.3.1. This vulnerability allows unauthenticated attackers to read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences in the URL. The issue was confirmed on Linux Mint and Windows 10.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive files on the server, such as the passwd file, which can disclose user information and potentially lead to further exploitation.

Reproduction

To reproduce this vulnerability, send a GET request to the '/static/css' endpoint with path traversal sequences (e.g., '../') in the URL. The request will return the contents of the file specified in the traversal sequence.

Added: Jan 30, 2026, 11:26 PM

Updated: Jan 30, 2026, 11:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenCTI Directory Traversal Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating