CVE-2026-35210 PUBLISHED

OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

Assigner: GitHub_M
Reserved: 01.04.2026 Published: 08.07.2026 Updated: 09.07.2026

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header, enabling attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object types including Indicators, ThreatActors, Malware, and Reports. This issue is fixed in version 7.260326.0.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CVSS Score: 7.1

Product Status

Vendor OpenCTI-Platform
Product opencti
Versions
  • Version < 7.260326.0 is affected

References

Problem Types

  • CWE-639: Authorization Bypass Through User-Controlled Key CWE
  • CWE-863: Incorrect Authorization CWE