Skip to main content

OpenCTI CVE-2026-21887

| EUVDEUVD-2026-11599 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-03-12 security-advisories@github.com GHSA-ffm6-vvph-g5f5 PYSEC-2026-118
7.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.7 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 17:16 nvd
HIGH 7.7

DescriptionGitHub Advisory

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). This allows attackers to craft requests to arbitrary endpoints, including internal services, because Axios will accept and process absolute URLs. This results in a semi-blind SSRF, as responses may not be fully visible but can still impact internal systems. This vulnerability is fixed in 6.8.16.

AnalysisAI

OpenCTI versions prior to 6.8.16 contain a server-side request forgery vulnerability in the data ingestion feature that fails to validate user-supplied URLs, allowing authenticated attackers to send requests to arbitrary internal endpoints and services. The Axios HTTP client's permissive default configuration processes absolute URLs without restriction, enabling semi-blind SSRF attacks that can compromise internal systems despite limited response visibility. This vulnerability requires authentication but affects all deployments running vulnerable versions.

Technical ContextAI

This vulnerability (CWE-918: Server-Side Request Forgery (SSRF)) affects OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.. OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). This allows attackers to craft requests to arbitrary endpoints, including internal services, because Axios will accept and process absolute URLs. This results in a semi-blind SSRF, as responses may not

RemediationAI

Fixed in version 6.8.16.. Restrict network access to the affected service where possible.

Share

CVE-2026-21887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy