The OpenCTI platform suffers from a privilege escalation vulnerability that permits unauthenticated attackers to exploit the API and access it as any existing user, including the default administrator.
5 May 2026
- Severity: Critical
- CVSS Score: 9.8 (High)
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- Python 3.8+
- Libraries: requests, argparse (install via pip install -r requirements.txt)
- Install dependencies:
  pip install -r requirements.txt
- Run the exploit:
  python exploit.py --target <target_url> --file "/path/to/Web.config"
This vulnerability affects versions 6.6.0 through 6.9.12. Upgrade to version 6.9.13, which contains the fix. As a temporary workaround until the upgrade is applied, disable the default admin account with the APP__ADMIN__EXTERNALLY_MANAGED configuration setting.
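The following is an added example for defenders, not code from the PoC repository above: a small audit helper that checks a deployment's reported OpenCTI version against the affected range stated in this advisory (6.6.0 through 6.9.12, fixed in 6.9.13) and whether the APP__ADMIN__EXTERNALLY_MANAGED workaround is set in the environment. The accepted truthy spellings for the variable ("true", "1", "yes") and the sample version strings are assumptions made for the example; the version range and variable name come from the advisory text.

```python
"""Audit helper (added example, not part of the PoC): classify an OpenCTI
deployment as vulnerable, mitigated or not affected by this advisory."""
import os
from typing import Mapping, Tuple

# Affected range and fixed version as stated in the advisory.
AFFECTED_MIN = (6, 6, 0)
AFFECTED_MAX = (6, 9, 12)
FIXED = (6, 9, 13)
# Configuration variable the advisory names as the temporary workaround.
WORKAROUND_VAR = "APP__ADMIN__EXTERNALLY_MANAGED"
# Assumption: these spellings count as "enabled" for the workaround.
TRUTHY = {"true", "1", "yes"}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch'; a leading 'v' and any pre-release or
    build suffix (e.g. '6.9.12-rc1', '6.9.12+build') are ignored."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def workaround_enabled(env: Mapping[str, str]) -> bool:
    """True when the workaround variable is set to a truthy value."""
    return env.get(WORKAROUND_VAR, "").strip().lower() in TRUTHY


def assess(version: str, env: Mapping[str, str]) -> str:
    """Return 'not-affected', 'mitigated' or 'vulnerable'.

    'mitigated' means the version is in the affected range but the default
    admin account has been disabled via the workaround; upgrading to the
    fixed release is still required."""
    if not is_affected(version):
        return "not-affected"
    if workaround_enabled(env):
        return "mitigated"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample deployments; in practice read the version from
    # the instance and pass os.environ (or the container's env) as env.
    samples = [
        ("6.9.12", {}),
        ("6.6.0", {WORKAROUND_VAR: "true"}),
        ("6.9.13", {}),
        ("6.5.9", {}),
    ]
    for ver, env in samples:
        print(f"{ver:>8}  {assess(ver, env)}")
    print("current process env:", assess("6.9.12", os.environ))
```

Run it as-is to see the constructed samples classified; in a real check, feed the version string reported by the instance and the environment of the OpenCTI container. A "mitigated" result is a stopgap, not a fix, because the workaround only removes the default admin account as a target while the underlying bug remains until 6.9.13 is deployed.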
- This script is a proof-of-concept for CVE-2026-27960 for educational and authorized security testing purposes.
- Do not use this script on systems without explicit permission from the system owner.
- Misuse may violate laws, including the Computer Fraud and Abuse Act (CFAA) in the United States or similar laws elsewhere.
- Always obtain written consent before testing any system.