CVE-2020-37041

High CVSS: 7.1

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.

Vendor

Citeum

Product

Opencti

CWE

CWE-22

Yayın Tarihi

2026-01-30 23:16:09

Güncelleme

2026-02-13 17:56:55

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-22 Opencti HIGH Citeum 2026

Referanslar

https://github.com/OpenCTI-Platform/opencti https://www.exploit-db.com/exploits/48595 https://www.opencti.io/ https://www.vulncheck.com/advisories/opencti-directory-traversal

Benzer Kayıtlar

Medium

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

High

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, th…

Medium

CVE-2020-37044

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can…

Medium

CVE-2025-61782

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

High

CVE-2025-61781

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

Medium

CVE-2025-46732

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…