CVE-2026-44730
Published 2026-05-26
Priority: P3 · 44 · high · 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% (23.3rd percentile)
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citeum | opencti | < 6.9.7 | 6.9.7 |
| opencti-platform | opencti | < 6.9.7 | 6.9.7 |
GHSA
OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd
ghsa·2026-05-28
CVE-2026-44730 [HIGH] CWE-284 OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd
### Summary
An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization.
### Impact
Full platform access, access to sensitive or proprietary information.
VulDB
OpenCTI-Platform OpenCTI up to 6.9.6 access control (GHSA-q537-qhj4-wcjx)
vuldb·2026-05-26·CVSS 7.2
CVE-2026-44730 [HIGH] OpenCTI-Platform OpenCTI up to 6.9.6 access control (GHSA-q537-qhj4-wcjx)
A vulnerability identified as critical has been detected in OpenCTI-Platform OpenCTI up to 6.9.6. Affected by this issue is some unknown functionality. This manipulation causes improper access controls.
This vulnerability appears as CVE-2026-44730. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.