OpenCTI Auth Bypass Lets Attackers Hijack Admin Accounts (CVSS 9.8)
CVE-2026-27960 in OpenCTI 6.6.0-6.9.12 allows unauthenticated API access as any user, including admin. Upgrade to 6.9.13 or disable the default admin account.
Marcus Chen, May 6, 2026