Primary

Context

OpenCTI Privilege Escalation Vulnerability for Organization Admins

Vulnerability

Patched

A privilege escalation vulnerability has been identified in OpenCTI versions prior to 6.9.7. This issue allows organization admins to increase their privileges by adding users from other organizations who have higher privileges. The vulnerability arises from incorrect access control lists (ACLs) on the userEdit relationAdd, enabling unauthorized privilege escalation.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, granting full platform access and the ability to access sensitive or proprietary information.

Remediation

Users can upgrade to OpenCTI version 6.9.7 or later to address this vulnerability.

Added: May 26, 2026, 10:37 PM

Updated: May 26, 2026, 10:37 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.4

remediation

0.0

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.4

remediation

0.0

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenCTI Privilege Escalation Vulnerability for Organization Admins

Vulnerability

Impact

Remediation

Affected Products

OpenCTI

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating