CVE-2026-44730 — OpenCTI: Privilege escalation via graphQL API is abusable by organization admins

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.

How to fix CVE-2026-44730

To remediate CVE-2026-44730, upgrade the affected package to a fixed version below.

—upgrade to 6.9.7 or later
—upgrade to 6.9.7 or later

Is CVE-2026-44730 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 6.9.7
from 0, < 6.9.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-44730
PATCHgithub.com/OpenCTI-Platform/opencti
WEBgithub.com/OpenCTI-Platform/opencti/security/advisories/GHSA-q537-qhj4-wcjx
WEBgithub.com/pypa/advisory-database/tree/main/vulns/pycti/PYSEC-2026-167.yaml