Vulnerabilities

Report: CVE-2026-27960 - OpenCTI privilege escalation and unauthenticated access via default admin account - Complete Guide

2026-05-05 0 views admin

CVE ID :CVE-2026-27960 Published : May 5, 2026, 7:16 p.m. | 1 hour, 9 minutes ago Description :OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-27960

Severity

CRITICAL

Published

May 5, 2026

Impact: privilege escalation

🏷️ Tags

report27960openctiprivilegeescalationunauthenticatedaccessdefaultadminaccount

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-27960 - OpenCTI privilege escalation and unauthenticated access via default admin account - Complete Guide

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-42997 - Dell Idrac Authorization Credential Exposure

Report: Latest: CVE-2026-7855 - D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow

Report: CVE-2026-7854 - D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow

Report: CVE-2026-33975 - twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization - Full Analysis

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting