CVE-2026-27960 CRITICAL

CVE-2026-27960: OpenCTI privilege escalation and unauthenticated access via default admin account

Vendor Opencti-Platform
Product opencti
Weakness CWE-287 · Improper authentication
Published May 5, 2026
Last update May 6, 2026

CVSS base score

9.8 / 10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, a privilege escalation vulnerability allows unauthenticated attackers to query the API as any existing user, including the default admin account. The issue is fixed in version 6.9.13. As a workaround, the default admin account can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration. Note that this workaround only removes the default admin as a target: because the flaw allows impersonation of any existing user, it reduces rather than eliminates exposure, and upgrading to 6.9.13 or later is the complete fix.
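The following is an added example, not code from the OpenCTI project or from this advisory. It encodes the affected range and fix version stated above into an offline exposure check that takes a reported OpenCTI version string and the deployment's environment, and classifies the instance as vulnerable, only partially mitigated (default admin disabled but other users still impersonable), patched, or not in the affected range. Two assumptions are not on the page and are marked in comments: that version strings are dotted numeric `X.Y.Z` (optionally with a leading `v` or a pre-release suffix), and that the workaround is enabled by setting `APP__ADMIN__EXTERNALLY_MANAGED` to `true`.

```python
"""Offline exposure check for CVE-2026-27960 (OpenCTI 6.6.0 .. 6.9.12).

Added example for this advisory page; not OpenCTI project code.
Assumptions not stated by the advisory:
  * version strings look like "X.Y.Z", optionally prefixed with "v" and/or
    followed by a pre-release/build suffix, which is ignored;
  * the workaround is active when APP__ADMIN__EXTERNALLY_MANAGED is set to
    the string "true" (case-insensitive).
"""
import re
from typing import Dict, Tuple

# Affected range and fix version exactly as stated in the advisory.
FIRST_AFFECTED = (6, 6, 0)
LAST_AFFECTED = (6, 9, 12)
FIXED = (6, 9, 13)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch); anything after the third number is ignored."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenCTI version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the version lies inside 6.6.0 .. 6.9.12 inclusive."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def admin_externally_managed(env: Dict[str, str]) -> bool:
    """Assumption: the workaround is on when the variable equals 'true'."""
    value = env.get("APP__ADMIN__EXTERNALLY_MANAGED", "")
    return value.strip().lower() == "true"


def assess(version: str, env: Dict[str, str]) -> str:
    """Classify exposure as 'vulnerable', 'mitigated_partial', 'patched' or
    'not_affected'.

    'mitigated_partial' reflects the advisory's own wording: disabling the
    default admin removes that account as a target, but the flaw still lets an
    unauthenticated caller query the API as any other existing user.
    """
    parsed = parse_version(version)
    if not is_affected(version):
        return "patched" if parsed >= FIXED else "not_affected"
    if admin_externally_managed(env):
        return "mitigated_partial"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs; these are not real deployments.
    samples = [
        ("6.5.9", {}),
        ("6.6.0", {}),
        ("6.9.12", {"APP__ADMIN__EXTERNALLY_MANAGED": "true"}),
        ("v6.9.13", {}),
    ]
    for ver, env in samples:
        print(f"{ver:>8}  env={env or '{}'}  ->  {assess(ver, env)}")
```

Feed `assess()` the version reported by your instance and the container's environment; any result other than `patched` means the upgrade to 6.9.13 is still outstanding, and `mitigated_partial` should be treated as an interim state rather than a resolution.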

Key dates

Disclosure timeline

May 5, 2026 CVE published
May 6, 2026 Record updated