OpenCTI affected by RCE via notifier template_CVE-2026-39980

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform process during notifier template execution. This vulnerability is fixed in 6.9.5.

Basic Information

ID CVE-2026-39980

Source GitHub_M

Published Apr 9, 2026 at 16:54

Modified Apr 9, 2026 at 18:44

Affected Product

Vendor OpenCTI-Platform

Product opencti

Version < 6.9.5

Affected Versions OpenCTI-Platform opencti < 6.9.5

CWE Classification

CWE-1336

References

{
    "lastseen": "",
    "description": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform process during notifier template execution. This vulnerability is fixed in 6.9.5.",
    "published": "2026-04-09T16:54:31.566Z",
    "modified": "2026-04-09T18:44:10.616Z",
    "type": "cve",
    "title": "OpenCTI affected by RCE via notifier template",
    "source": "GitHub_M",
    "references": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-jv9r-jw2f-rhrf\nhttps://github.com/OpenCTI-Platform/opencti/releases/tag/6.9.5",
    "id": "CVE-2026-39980",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1336"
    ],
    "cvelist": null,
    "sourceData": "OpenCTI-Platform opencti < 6.9.5",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "opencti",
    "version": "< 6.9.5",
    "vendor": "OpenCTI-Platform",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}