CVE-2025-26621

High CVSS: 7.6

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue.

Vendor

Citeum

Product

Opencti

CWE

CWE-94

Yayın Tarihi

2025-05-19 16:15:28

Güncelleme

2025-08-06 17:54:26

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 Opencti HIGH Citeum 2025

Referanslar

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm

Benzer Kayıtlar

Medium

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

High

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, th…

Medium

CVE-2020-37044

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can…

High

CVE-2020-37041

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can…

Medium

CVE-2025-61782

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

High

CVE-2025-61781

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…