CVE-2026-27960 – OpenCTI

CVSS 9.8 CRITICAL

“An exposed default account can silently hand over full control.”

The vendor patch addresses a critical authentication and privilege escalation vulnerability in OpenCTI affecting versions 6.6.0 through 6.9.12. The flaw lets an unauthenticated attacker access the API as any user, including the default admin account, which amounts to full system compromise and unrestricted access to sensitive threat intelligence data.

CVE-2026-27960 has a CVSS score of 9.8 (Critical). Exploitation requires no authentication and can be performed remotely with low complexity. The issue is fixed in version 6.9.13, which closes the unauthorized access path through the default admin account.

Key Details

Affected Product: Citeum OpenCTI
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-287 (Improper Authentication)
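The affected range (6.6.0 through 6.9.12) and the fixed release (6.9.13) are the only facts a defender needs to triage an OpenCTI fleet. The helper below is an added example written for this advisory, not code from the OpenCTI project or the page: it parses version strings as they typically appear in inventories (with or without a leading "v", with pre-release or build suffixes), classifies each host against the boundaries stated above, and treats a pre-release of 6.9.13 as still affected because it cannot be assumed to carry the fix (that conservative rule is an assumption of this example). The hostnames and versions in the sample inventory are constructed.

```python
"""Version triage for CVE-2026-27960 (OpenCTI).

Added example for this advisory; not OpenCTI project code. Boundaries
come from the advisory text; the pre-release rule is this example's own
conservative assumption.
"""
import re
from typing import Dict, Optional, Tuple

# Version boundaries stated in the advisory.
AFFECTED_MIN = (6, 6, 0)
AFFECTED_MAX = (6, 9, 12)
FIXED = (6, 9, 13)

# Accepts "6.9.12", "v6.9.12", "6.9.13-rc.1", "6.9.12+build.7".
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?(\+[0-9A-Za-z.]+)?$"
)


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], bool]]:
    """Return ((major, minor, patch), is_prerelease), or None when the string
    is not a semantic version (e.g. 'latest', a git SHA, an empty tag)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    core = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return core, m.group(4) is not None


def is_affected(version: str) -> Optional[bool]:
    """True if the version lies inside 6.6.0..6.9.12, False if outside,
    None if the string cannot be interpreted.

    Assumption of this example: a pre-release of the fixed version
    (e.g. 6.9.13-rc.1) is reported as affected, since a release candidate
    cannot be assumed to include the fix."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    core, prerelease = parsed
    if AFFECTED_MIN <= core <= AFFECTED_MAX:
        return True
    if core == FIXED and prerelease:
        return True
    return False


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in an inventory to the action for the patch tracker."""
    report: Dict[str, str] = {}
    for host, version in inventory.items():
        verdict = is_affected(version)
        if verdict is None:
            report[host] = "verify version manually"
        elif verdict:
            report[host] = "upgrade to 6.9.13"
        else:
            report[host] = "not affected"
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "opencti-prod.example.internal": "6.9.12",
    "opencti-stage.example.internal": "v6.8.3",
    "opencti-lab.example.internal": "6.9.13-rc.1",
    "opencti-old.example.internal": "6.5.9",
    "opencti-new.example.internal": "6.9.13",
    "opencti-docker.example.internal": "latest",
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host:35} {action}")
```

Hosts reported as "verify version manually" (floating tags such as "latest") should be resolved against the actual running build before being marked as patched; a floating tag says nothing about whether 6.9.13 is deployed.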