OpenCTI — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in OpenCTI, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenCTI-Platform

CVE ID	Title	CVSS	Severity	Published
CVE-2026-39980	OpenCTI affected by RCE via notifier template CWE-1336	9.1	Critical	2026-04-09
CVE-2026-21886	OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities CWE-285	6.5	Medium	2026-03-17
CVE-2026-21887	OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature CWE-918	7.7	High	2026-03-12
CVE-2020-37044	OpenCTI 3.3.1 - Cross Site Scripting CWE-79	5.4	Medium	2026-01-30
CVE-2020-37041	OpenCTI 3.3.1 - Directory Traversal CWE-22	7.5	High	2026-01-30
CVE-2025-61782	Open Redirect in OpenCTI's SAML Authentication Flow CWE-601	5.4	Medium	2026-01-07
CVE-2025-61781	GraphQL IDOR allows authenticated user to delete workspace content of other users CWE-285	7.1	High	2026-01-05
CVE-2025-46732	OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users CWE-285	5.4	Medium	2025-07-18
CVE-2025-26621	OpenCTI vulnerable to Denial of Service through web hook CWE-94	7.6	High	2025-05-19
CVE-2025-24977	OpenCTI has remote code execution and sensitive secrets exposed through web hook CWE-94	9.1	Critical	2025-05-05
CVE-2025-24887	OpenCTI bypass of protected attribute update CWE-284	6.3	Medium	2025-04-30
CVE-2024-45805	OpenCTI leaks support information due to inadequate access control CWE-200	4.3	Medium	2024-12-26
CVE-2024-45404	OpenCTI's lack of Rate Limit lead to OTP brute forcing CWE-287	8.1	High	2024-12-11
CVE-2024-37155	OpenCTI May Bypass Introspection Restriction CWE-284	6.5	Medium	2024-11-18
CVE-2024-26139	OpenCTI Authenticated Privilege Escalation CWE-284	8.3	High	2024-05-23

All 15 known CVE vulnerabilities affecting OpenCTI with full Chinese analysis, references, and POCs where available.