OpenCTI Privilege Escalation Vulnerability Allowing Unauthenticated API Access as Any User
Vulnerability
A privilege escalation vulnerability has been identified in OpenCTI versions 6.6.0 prior to 6.9.13. This vulnerability allows unauthenticated attackers to query the API as any existing user, including the default admin account. The issue arises from improper access controls, enabling unauthorized users to gain elevated privileges through the API.
Impact
Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling attackers to access the API with the rights of any existing user, including the default admin, which could lead to unauthorized actions or data access within the OpenCTI platform.
Remediation
Upgrade to OpenCTI version 6.9.13 or later to address this vulnerability. Additionally, the default admin account can be disabled using the APP__ADMIN__EXTERNALLY_MANAGED configuration setting.
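The affected range above (6.6.0 up to but not including 6.9.13) and the APP__ADMIN__EXTERNALLY_MANAGED setting can be checked from a deployment's reported version and environment. The following is an added example, not OpenCTI project code; it assumes the version string looks like "6.9.13" (optionally with a "v" prefix or a pre-release suffix) and that the configuration is supplied as an environment variable whose truthy values are "true", "1" or "yes".

```python
"""Assess an OpenCTI deployment against the advisory's affected range and
check whether the default admin is externally managed (added example)."""
import os
from typing import Mapping, Optional, Tuple

AFFECTED_FROM = (6, 6, 0)   # first affected release per the advisory
FIXED_IN = (6, 9, 13)       # first fixed release per the advisory


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse "6.9.13", "v6.9.13" or "6.9.13-rc1" into a comparable tuple."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised OpenCTI version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_affected(version: str) -> bool:
    """True when 6.6.0 <= version < 6.9.13 (tuple comparison is lexicographic)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def admin_externally_managed(env: Optional[Mapping[str, str]] = None) -> bool:
    """Read APP__ADMIN__EXTERNALLY_MANAGED; the accepted truthy spellings are an
    assumption of this example, not taken from OpenCTI documentation."""
    env = os.environ if env is None else env
    return env.get("APP__ADMIN__EXTERNALLY_MANAGED", "").strip().lower() in ("1", "true", "yes")


def assess(version: str, env: Optional[Mapping[str, str]] = None) -> str:
    """Return a one-line remediation status for the given version and config."""
    if not is_affected(version):
        return f"OpenCTI {version}: outside the affected range"
    status = f"OpenCTI {version}: AFFECTED, upgrade to 6.9.13 or later"
    if not admin_externally_managed(env):
        status += "; default admin still enabled (set APP__ADMIN__EXTERNALLY_MANAGED)"
    return status


if __name__ == "__main__":
    # Constructed sample inputs for a local run.
    print(assess("6.9.12", {"APP__ADMIN__EXTERNALLY_MANAGED": "false"}))
    print(assess("6.9.13", {}))
```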