cbcvebase.
CVE-2026-21886
published 2026-03-17

CVE-2026-21886: OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations…

PriorityP345high8.1CVSS 3.1
AVNACLPRLUINSUCNIHAH
EPSS
0.23%
13.3th percentile
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this mutation can be misused to delete unrelated and sensitive objects such as analyses reports etc. This behavior stems from the lack of validation in the API to ensure that the targeted object is contextually related to the mutation being executed. Version 6.9.1 fixes the issue.

Affected

2 ranges
VendorProductVersion rangeFixed in
citeumopencti< 6.9.16.9.1
opencti-platformopencti< 6.9.16.9.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.