Script Filter Operator Vulnerability in OpenCTI by OpenCTI Platform
CVE-2026-35211
6.5MEDIUM
What is CVE-2026-35211?
OpenCTI, an open-source platform designed to manage cyber threat intelligence, has a vulnerability in its GraphQL API. Prior to version 7.260401.0, the API allowed authenticated users with the KNOWLEDGE capability to include unvalidated Elasticsearch Painless scripts directly in search queries. This oversight can lead to significant misuse, as users can execute computationally intensive scripts that may consume excessive CPU resources, potentially resulting in degraded performance or denial of service for other users. The vulnerability has been mitigated in version 7.260401.0.
Affected Version(s)
opencti < 7.260401.0
