High severity7.2NVD Advisory· Published May 26, 2026· Updated May 27, 2026
CVE-2026-44730
CVE-2026-44730
Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pyctiPyPI | < 6.9.7 | 6.9.7 |
Affected products
3<6.9.7+ 2 more
- (no CPE)range: <6.9.7
- cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*range: <6.9.7
- (no CPE)range: <6.9.7
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.