
OpenCTI CVE-2026-44730

EUVD-2026-31908 · HIGH
Improper Access Control (CWE-284)
2026-05-26 · GitHub_M · GHSA-q537-qhj4-wcjx · PYSEC-2026-167
CVSS 3.1 base score 7.2 (GitHub Advisory)

Severity by source

GitHub Advisory PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Source Code Evidence Fetched: Jun 08, 2026 10:12 (vuln.today)
Analysis Generated: Jun 08, 2026 10:12 (vuln.today)
Patch available: May 26, 2026 19:02 (EUVD)

Description (GitHub Advisory)

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges to their own organization. This is due to an incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.

Analysis (AI)

Privilege escalation in OpenCTI prior to 6.9.7 allows an organization admin to gain elevated platform-wide privileges by adding a higher-privileged user from a different organization into their own organization, because the ACL on the userEdit relationAdd GraphQL mutation is enforced incorrectly. The flaw yields full platform access and exposure of sensitive intelligence data. No public exploit had been identified at the time of analysis and EPSS is very low (0.04%, 11th percentile), but the vendor-confirmed GHSA advisory and low attack complexity (AC:L) make this a meaningful tenancy-isolation issue for multi-organization deployments.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate as organization admin
Delivery: Enumerate higher-privileged users in other organizations
Exploit: Send userEdit relationAdd GraphQL mutation
Execution: Bypass missing ACL check
Persist: Inherit elevated privileges
Impact: Access sensitive CTI data and control platform

Vulnerability Assessment (AI)

Exploitation: Requires a pre-existing organization-administrator account on an OpenCTI instance running a version below 6.9.7, network reachability to the OpenCTI GraphQL API endpoint, and knowledge of (or the ability to enumerate) a target user in another organization who holds higher privileges than the attacker. …
Risk Assessment: The CVSS 3.1 vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H yields 7.2 (High): network-reachable, low complexity and no user interaction, but high privileges required (an existing organization-admin account), with high impact on confidentiality, integrity, and availability. …
Exploit Scenario: A user holding organization-admin rights in a multi-tenant OpenCTI instance identifies a higher-privileged account (for example, a platform administrator or a member of another organization with broad capabilities) and issues a userEdit relationAdd GraphQL mutation to attach that account to their own organization. Because the ACL check on the relationship resolver is missing, the operation succeeds and the attacker inherits or leverages the elevated user's context to read sensitive threat intelligence, modify data, or take over the platform. …
Remediation: Vendor-released patch: upgrade OpenCTI to 6.9.7 or later and update the pycti client package to 6.9.7, as referenced in GHSA-q537-qhj4-wcjx (https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-q537-qhj4-wcjx). …

Recommended Action (AI)

Within 24 hours: identify all OpenCTI instances, record their current versions, and determine whether multi-organization mode is enabled. …



CVE-2026-44730 vulnerability details – vuln.today
