Authorization Bypass in OpenCTI Affects Cyber Threat Intelligence Management
CVE-2026-35210
7.1HIGH
What is CVE-2026-35210?
An authorization bypass vulnerability in OpenCTI permits authenticated users with KNOWLEDGE_KNUPDATE permission to circumvent Confidence Level validation and Object Marking restrictions. By injecting the synchronized-upsert: true HTTP header, attackers can downgrade the confidence levels of threat data, remove critical security markings (e.g., TLP:RED), and manipulate STIX object types including Indicators, Threat Actors, Malware, and Reports. This issue was resolved in version 7.260326.0.
Affected Version(s)
opencti < 7.260326.0
