Privilege Escalation Vulnerability in OpenCTI by OpenCTI Platform
CVE-2026-44730

7.2HIGH

Key Information:

Vendor: Opencti-platform
Status: Opencti
Vendor: CVE Published:; 26 May 2026

🔔 Create Opencti-platform Vulnerability Alert

What is CVE-2026-44730?

OpenCTI is an open-source platform designed for managing cyber threat intelligence. A vulnerability prior to version 6.9.7 allows an organization admin to escalate their privileges by incorrectly adding a user from a different organization who possesses higher privileges. This issue arises due to misconfigured access controls on the userEdit relationAdd function. An update to version 6.9.7 addresses this vulnerability, strengthening the platform's security.

Affected Version(s)

opencti < 6.9.7

References

https://github.com/OpenCTI-Platform/opencti/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44730 Data

JSON