pycti (PyPI)
13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pycti (page 1 of 1)
- CVE-2020-37041 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-30
  vulnerable: 1.2.1 ... 3.3.1 (41 versions)
  OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') i…
- CVE-2020-37044 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-01-30
  vulnerable: 1.2.1 ... 3.3.1 (41 versions)
  OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading…
- CVE-2022-30289 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 5.3.0 | 2022-07-05
  vulnerable: 1.2.1 ... 5.2.4 (88 versions)
  A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they…
- CVE-2022-30290 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 5.3.0 | 2022-07-05
  vulnerable: 1.2.1 ... 5.2.4 (88 versions)
  In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their…
- CVE-2024-26139 | HIGH | CVSS 8.3 | EG 8.3 | Fixed in 5.12.32 | 2024-05-23
  vulnerable: 1.2.1 ... 5.9.6 (215 versions)
  OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low p…
- CVE-2024-45404 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 6.2.18 | 2024-12-12
  vulnerable: 1.2.1 ... 6.2.9 (260 versions)
  OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can bre…
- CVE-2024-45805 | MEDIUM | CVSS 4.3 | EG 4.3 | Fixed in 6.3.0 | 2024-12-26
  vulnerable: 1.2.1 ... 6.2.9 (262 versions)
  OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to …
- CVE-2025-24887 | MEDIUM | CVSS 6.3 | EG 6.3 | Fixed in 6.4.11 | 2025-04-30
  vulnerable: 6.4.10, 6.4.9
  OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It…
- CVE-2025-24977 | CRITICAL | CVSS 9.1 | EG 9.1 | Fixed in 6.4.11 | 2025-05-05
  vulnerable: 6.4.10, 6.4.8, 6.4.9
  OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal…
- CVE-2025-26621 | HIGH | CVSS 7.6 | EG 7.6 | Fixed in 6.5.2 | 2025-05-19
  vulnerable: 1.2.1 ... 6.5.1 (291 versions)
  OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be…
- CVE-2025-46732 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 6.6.6 | 2025-07-18
  vulnerable: 1.2.1 ... 6.6.5 (307 versions)
  OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificati…
- CVE-2025-61781 | HIGH | CVSS 7.1 | EG 7.1 | Fixed in 6.8.1 | 2026-01-05
  vulnerable: 1.2.1 ... 6.8.0 (342 versions)
  OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as d…
- CVE-2026-27960 | CRITICAL | CVSS 9.8 | EG 9.8 | Fixed in 6.9.13 | 2026-05-05
  vulnerable: 6.9.0 ... 6.9.9 (13 versions)
  OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to quer…