Script Filter Operator Vulnerability in OpenCTI by OpenCTI Platform
CVE-2026-35211

6.5MEDIUM

Key Information:

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-35211?

OpenCTI, an open-source platform designed to manage cyber threat intelligence, has a vulnerability in its GraphQL API. Prior to version 7.260401.0, the API allowed authenticated users with the KNOWLEDGE capability to include unvalidated Elasticsearch Painless scripts directly in search queries. This oversight can lead to significant misuse, as users can execute computationally intensive scripts that may consume excessive CPU resources, potentially resulting in degraded performance or denial of service for other users. The vulnerability has been mitigated in version 7.260401.0.

Affected Version(s)

opencti < 7.260401.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.