CVE-2026-35212
OpenCTI has XSS in the rendering of email-message observable body data
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 15th |
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data: the content of the body field is not appropriately sanitized when it is rendered. Exploitation requires user interaction, but it could be carried out by someone sharing STIX or through any of the ingesters. This could lead to CSRF and then large-scale session theft. Version 7.260227.0 contains a fix.
| CWE | CWE-79 |
| Vendor | opencti-platform |
| Product | opencti |
| Published | Jun 2, 2026 |
| Last Updated | Jun 3, 2026 |
Affected Versions
OpenCTI-Platform / opencti
< 7.260227.0