CVE-2026-44730
Analyzed - Analysis Complete
Privilege Escalation in OpenCTI via User Addition

Publication date: 2026-05-26

Last updated on: 2026-05-27

Assigner: GitHub, Inc.

Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization, with higher privileges, to their own organization. This is due to an incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.
Meta Information
Published: 2026-05-26
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-26
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor: citeum
Product: opencti
Version / Range: to 6.9.7 (exc)
CWE
CWE ID: CWE-284
Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Compliance Impact

This vulnerability allows an organization admin to escalate privileges improperly, potentially gaining full platform access and exposure to sensitive or proprietary information.

Such unauthorized access and exposure of sensitive data can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.

Impact Analysis

Exploiting this vulnerability can lead to full platform access for the attacker, which means they can access sensitive or proprietary information. The impact affects confidentiality, integrity, and availability of the platform, potentially allowing unauthorized data exposure and manipulation.

Executive Summary

This vulnerability exists in the OpenCTI platform prior to version 6.9.7. It allows an organization admin to escalate their privileges by adding a user from a different organization who has higher privileges into their own organization. This happens because of incorrect Access Control List (ACL) settings on the userEdit relationAdd functionality via the GraphQL API.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the OpenCTI platform to version 6.9.7 or later, where the issue has been fixed.

This update corrects the Access Control List (ACL) settings on the userEdit relationAdd functionality, preventing organization admins from escalating privileges by adding users from different organizations with higher privileges.

Detection Guidance

This vulnerability can be detected by monitoring and auditing the use of the GraphQL API, specifically looking for attempts where an organization admin adds a user from a different organization with higher privileges to their own organization. Since the issue is related to incorrect Access Control List (ACL) settings on the userEdit relationAdd functionality, reviewing API calls or logs for such privilege escalation attempts is key.

There are no specific commands provided in the available resources to detect this vulnerability directly. However, you can audit GraphQL API requests and responses for suspicious user additions across organizations.
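
One way to run the audit described above, as an added example that is not part of the original advisory or OpenCTI's own code. The event schema (op, actor, actor_admin_orgs, actor_caps, target, target_orgs_before, target_caps, org_added), the dotted operation label and the capability names are assumptions for illustration; map them from whatever your GraphQL audit export actually records.

```python
import json

# Constructed sample events, one JSON object per line. Field names and values
# are hypothetical (not OpenCTI's real audit schema); map them from your export.
SAMPLE_EVENTS = """\
{"op": "userEdit.relationAdd", "actor": "orgadmin-a", "actor_admin_orgs": ["org-a"], "actor_caps": ["read", "org-admin"], "target": "analyst-a2", "target_orgs_before": ["org-a"], "target_caps": ["read"], "org_added": "org-a"}
{"op": "userEdit.relationAdd", "actor": "orgadmin-a", "actor_admin_orgs": ["org-a"], "actor_caps": ["read", "org-admin"], "target": "platform-admin", "target_orgs_before": ["org-b"], "target_caps": ["read", "org-admin", "platform-admin"], "org_added": "org-a"}
{"op": "userEdit.relationAdd", "actor": "orgadmin-a", "actor_admin_orgs": ["org-a"], "actor_caps": ["read", "org-admin"], "target": "analyst-b1", "target_orgs_before": ["org-b"], "target_caps": ["read"], "org_added": "org-a"}
{"op": "otherOperation", "actor": "orgadmin-a", "actor_admin_orgs": ["org-a"], "actor_caps": ["read", "org-admin"], "target": "analyst-a2", "target_orgs_before": ["org-a"], "target_caps": ["read"], "org_added": null}
{"op": "userEdit.relationAdd", "actor": "root", "actor_admin_orgs": [], "actor_caps": ["read", "org-admin", "platform-admin"], "target": "analyst-b1", "target_orgs_before": ["org-b"], "target_caps": ["read"], "org_added": "org-a"}
truncated or malformed line
"""

def find_cross_org_additions(lines):
    """Flag organization admins pulling users from other organizations into their own."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the audit
        if not isinstance(ev, dict) or ev.get("op") != "userEdit.relationAdd":
            continue
        admin_orgs = set(ev.get("actor_admin_orgs") or [])
        # Only consider organization admins acting on an organization they administer.
        if ev.get("org_added") not in admin_orgs:
            continue
        # A target already in one of the actor's organizations is the expected case.
        if admin_orgs & set(ev.get("target_orgs_before") or []):
            continue
        # Capabilities the target holds and the actor lacks mark a likely escalation.
        extra = sorted(set(ev.get("target_caps") or []) - set(ev.get("actor_caps") or []))
        findings.append({"line": n, "actor": ev.get("actor"), "target": ev.get("target"),
                         "org_added": ev["org_added"], "extra_caps": extra,
                         "severity": "high" if extra else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_cross_org_additions(SAMPLE_EVENTS.splitlines()):
        print(json.dumps(finding))
```

Findings marked "review" are cross-organization additions with no capability gain; they still warrant a check against expected onboarding activity.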
