CVE-2026-39980
Received Received - Intake
Arbitrary JavaScript Execution in OpenCTI safeEjs.ts Template

Publication date: 2026-04-09

Last updated on: 2026-04-22

Assigner: GitHub, Inc.

Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform process during notifier template execution. This vulnerability is fixed in 6.9.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-14
NVD
CVE-2026-39980
EUVD
EUVD-2026-20972
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
citeum opencti to 6.9.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1336 The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39980 is a critical remote code execution vulnerability in the OpenCTI platform versions prior to 6.9.5. It occurs because the safeEjs.ts file does not properly sanitize EJS templates. This flaw allows users who have the Manage customization capability to execute arbitrary JavaScript code within the OpenCTI platform process during notifier template execution.

Compliance Impact

CVE-2026-39980 is a critical remote code execution vulnerability that allows users with the Manage customization capability to execute arbitrary JavaScript code within the OpenCTI platform process. This can lead to a full compromise of data confidentiality, integrity, and availability.

Such a compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and ensure system integrity and availability.

Because the vulnerability allows potential unauthorized access and manipulation of data, it could lead to violations of data protection requirements, unauthorized disclosure of personal or sensitive information, and failure to maintain system security controls mandated by these regulations.

Impact Analysis

This vulnerability can have severe impacts including full compromise of data confidentiality, data integrity, and system availability. Because it allows arbitrary code execution within the platform process, an attacker with Manage customization privileges can potentially take control of the system remotely, leading to unauthorized access, data manipulation, or denial of service.

Detection Guidance

This vulnerability involves improper sanitization of EJS templates in the safeEjs.ts file of OpenCTI versions prior to 6.9.5, allowing users with Manage customization capability to execute arbitrary JavaScript.

Detection would typically involve verifying the OpenCTI platform version and checking for the presence of the vulnerable safeEjs.ts file or suspicious JavaScript execution during notifier template processing.

Specific commands or network detection methods are not provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to upgrade the OpenCTI platform to version 6.9.5 or later, where this vulnerability has been fixed.

Additionally, restrict the Manage customization capability to trusted users only, as the vulnerability requires this privilege to be exploited.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39980. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart