OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header, enabling attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object types including Indicators, ThreatActors, Malware, and Reports. This issue is fixed in version 7.260326.0.
History

Thu, 09 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Opencti-platform
Opencti-platform opencti
Vendors & Products Opencti-platform
Opencti-platform opencti

Wed, 08 Jul 2026 21:15:00 +0000

Type Values Removed Values Added
Description OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header, enabling attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object types including Indicators, ThreatActors, Malware, and Reports. This issue is fixed in version 7.260326.0.
Title OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection
Weaknesses CWE-639
CWE-863
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-07-08T21:06:02.349Z

Updated: 2026-07-09T13:45:43.275Z

Reserved: 2026-04-01T18:48:58.937Z

Link: CVE-2026-35210

cve-icon Vulnrichment

Updated: 2026-07-09T13:45:39.218Z

cve-icon NVD

No data.

cve-icon Redhat

No data.