CVE-2026-44730

7.2 HIGH

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables

Published: 2026-05-26 · Last updated: 2026-05-27

Severity and scoring

CVSS: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-284

Affected products

Vendor	Product
citeum	opencti

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-44730
[Vendor advisory]https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-q537-qhj4-wcjx

Related CVEs

Same vendor

CVE-2026-35212 — OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables (6.1 MEDIUM)

Same CWE

CVE-2026-48610 — Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability fou... (8.1 HIGH)
CVE-2026-47366 — Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenti... (7.2 HIGH)
CVE-2026-44249 — Netty is a network application framework for development of protocol servers and clients (8.1 HIGH)
CVE-2026-45178 — Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints
CVE-2026-45177 — Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components