CVE-2024-26139
8.1
HIGH
CVSS 3.1
EPSS 0.16%
Description
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
How to fix CVE-2024-26139
To remediate CVE-2024-26139, upgrade the affected package to the fixed version listed below.
- PyPI/pycti: upgrade to 5.12.32 or later
Is CVE-2024-26139 being exploited?
Low. EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- PyPI/pycti: all versions from 0 up to, but not including, 5.12.32
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (8.1) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |