๐Ÿ” CVE Alert

CVE-2026-35210

HIGH 7.1

OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

CVSS Score
7.1
EPSS Score
0.3%
EPSS Percentile
19th

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header, enabling attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object types including Indicators, ThreatActors, Malware, and Reports. This issue is fixed in version 7.260326.0.

CWE CWE-639 CWE-863
Vendor opencti-platform
Product opencti
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for opencti-platform opencti

Be the first to know when new high vulnerabilities affecting opencti-platform opencti are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Affected Versions

OpenCTI-Platform / opencti
< 7.260326.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-36fr-4m54-94mj github.com: https://github.com/OpenCTI-Platform/opencti/pull/14243 github.com: https://github.com/OpenCTI-Platform/opencti/commit/134531ddf5ecf741006b7f0870b7c36711b96540 github.com: https://github.com/OpenCTI-Platform/opencti/releases/tag/7.260326.0