Vulnerabilities in OpenCTI-Platform

16 results
CVE-2025-24977 | CRITICAL | OpenCTI has remote code execution and sensitive secrets exposed through web hook | EPSS 0.8%
CVE-2024-45404 | HIGH | OpenCTI's lack of Rate Limit lead to OTP brute forcing | EPSS 0.6%
CVE-2026-39980 | CRITICAL | OpenCTI affected by RCE via notifier template | EPSS 0.5%
CVE-2026-27960 | CRITICAL | OpenCTI privilege escalation and unauthenticated access via default admin account | EPSS 0.5%
CVE-2024-37155 | MEDIUM | OpenCTI May Bypass Introspection Restriction | EPSS 0.4%
CVE-2024-26139 | HIGH | OpenCTI Authenticated Privilege Escalation | EPSS 0.4%
CVE-2025-26621 | HIGH | OpenCTI vulnerable to Denial of Service through web hook | EPSS 0.4%
CVE-2024-45805 | MEDIUM | OpenCTI leaks support information due to inadequate access control | EPSS 0.3%
CVE-2026-44730 | HIGH | OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd | EPSS 0.3%
CVE-2026-21886 | MEDIUM | OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities | EPSS 0.2%
CVE-2025-61782 | MEDIUM | Open Redirect in OpenCTI's SAML Authentication Flow | EPSS 0.2%
CVE-2026-21887 | HIGH | OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature | EPSS 0.2%
CVE-2025-61781 | HIGH | GraphQL IDOR allows authenticated user to delete workspace content of other users | EPSS 0.2%
CVE-2025-24887 | MEDIUM | OpenCTI bypass of protected attribute update | EPSS 0.2%
CVE-2025-46732 | MEDIUM | OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users | EPSS 0.2%
CVE-2026-35212 | MEDIUM | OpenCTI has XSS in the rendering of email-message observable body data | EPSS 0.1%