CVE-2026-39980
Arbitrary JavaScript Execution in OpenCTI safeEjs.ts Template
Publication date: 2026-04-09
Last updated on: 2026-04-22
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| citeum | opencti | to 6.9.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-39980 is a critical remote code execution vulnerability in the OpenCTI platform versions prior to 6.9.5. It occurs because the safeEjs.ts file does not properly sanitize EJS templates. This flaw allows users who have the Manage customization capability to execute arbitrary JavaScript code within the OpenCTI platform process during notifier template execution.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including full compromise of data confidentiality, data integrity, and system availability. Because it allows arbitrary code execution within the platform process, an attacker with Manage customization privileges can potentially take control of the system remotely, leading to unauthorized access, data manipulation, or denial of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper sanitization of EJS templates in the safeEjs.ts file of OpenCTI versions prior to 6.9.5, allowing users with Manage customization capability to execute arbitrary JavaScript.
Detection would typically involve verifying the OpenCTI platform version and checking for the presence of the vulnerable safeEjs.ts file or suspicious JavaScript execution during notifier template processing.
Specific commands or network detection methods are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the OpenCTI platform to version 6.9.5 or later, where this vulnerability has been fixed.
Additionally, restrict the Manage customization capability to trusted users only, as the vulnerability requires this privilege to be exploited.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-39980 is a critical remote code execution vulnerability that allows users with the Manage customization capability to execute arbitrary JavaScript code within the OpenCTI platform process. This can lead to a full compromise of data confidentiality, integrity, and availability.
Such a compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and ensure system integrity and availability.
Because the vulnerability allows potential unauthorized access and manipulation of data, it could lead to violations of data protection requirements, unauthorized disclosure of personal or sensitive information, and failure to maintain system security controls mandated by these regulations.