Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied Elasticsearch Painless script values directly into search queries without validation or sanitization, allowing computationally expensive scripts to consume cluster CPU resources and degrade or deny service for all users. This issue is fixed in version 7.260401.0.
Published: 2026-07-08
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Opencti-platform
Opencti-platform opencti
Vendors & Products Opencti-platform
Opencti-platform opencti

Wed, 08 Jul 2026 21:15:00 +0000

Type Values Removed Values Added
Description OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied Elasticsearch Painless script values directly into search queries without validation or sanitization, allowing computationally expensive scripts to consume cluster CPU resources and degrade or deny service for all users. This issue is fixed in version 7.260401.0.
Title OpenCTI: Elasticsearch Painless Script Injection via GraphQL `script` filter operator allows authenticated user to exfiltrate data and cause DoS
Weaknesses CWE-863
CWE-94
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Opencti-platform Opencti
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-08T21:08:27.097Z

Reserved: 2026-04-01T18:48:58.937Z

Link: CVE-2026-35211

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T22:45:08Z

Weaknesses
  • CWE-863

    Incorrect Authorization

  • CWE-94

    Improper Control of Generation of Code ('Code Injection')