Skip to main content

Opencti CVE-2026-21886

| EUVD-2026-12578 MEDIUM
Improper Authorization (CWE-285)
2026-03-17 GitHub_M
Authentication Bypass Opencti
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
6.9.1
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2026-12578
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
CVE Published
Mar 17, 2026 - 15:26 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this mutation can be misused to delete unrelated and sensitive objects such as analyses reports etc. This behavior stems from the lack of validation in the API to ensure that the targeted object is contextually related to the mutation being executed. Version 6.9.1 fixes the issue.

AnalysisAI

OpenCTI versions prior to 6.9.1 contain an authorization bypass vulnerability in the GraphQL mutation 'IndividualDeletionDeleteMutation' that allows authenticated users to delete arbitrary unrelated objects such as analysis reports, not just the intended individual entities. The vulnerability stems from insufficient input validation in the API layer, enabling a user with basic mutation privileges to escalate their impact beyond intended scope. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates network-accessible exploitation requiring only low privileges (authenticated user account), no user interaction, and high impact on availability with no confidentiality or integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated analyst user with basic permissions in a shared OpenCTI instance discovers via API documentation or reverse engineering that the GraphQL 'IndividualDeletionDeleteMutation' endpoint accepts generic object IDs without type validation. The attacker crafts a mutation query specifying the ID of a sensitive analysis report instead of an Individual entity. …
Remediation Upgrade OpenCTI to version 6.9.1 or later as released by the OpenCTI Platform project (see https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mhmx-j75v-2m6x for the official advisory). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-21886 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy