PatchSiren

OpenCTI-Platform CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM OpenCTI-Platform CVE published 2026-07-08

CVE-2026-35211

CVE-2026-35211 is a vulnerability in the OpenCTI GraphQL API that allows authenticated users with the KNOWLEDGE capability to pass user-supplied Elasticsearch Painless script values directly into search queries without validation or sanitization. This can lead to computationally expensive scripts consuming cluster CPU resources and degrading or denying service for all users. The issue is fixed in version [truncated]

HIGH OpenCTI-Platform CVE published 2026-07-08

CVE-2026-35210

CVE-2026-35210 is an authorization bypass vulnerability in OpenCTI, allowing any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header. This enables attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object t [truncated]

HIGH OpenCTI-Platform CVE published 2026-05-26

CVE-2026-44730

## Summary CVE-2026-44730 is a HIGH severity (CVSS 7.2) privilege-escalation vulnerability in OpenCTI, an open-source cyber-threat-intelligence platform. Prior to version 6.9.7, an organization administrator can escalate their own privileges by adding a user from a different organization who already holds higher privileges. The root cause is an incorrect access-control list (ACL) on the `userEdit` → `rela [truncated]