Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37313?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37313?format=api", "vulnerability_id": "VCID-nqfe-un38-ufgb", "summary": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration.", "aliases": [ { "alias": "CVE-2026-27960" }, { "alias": "GHSA-6vvv-vmfr-xhrx" }, { "alias": "PYSEC-2026-119" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50032?format=api", "purl": "pkg:pypi/pycti@6.9.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.13" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48816?format=api", "purl": "pkg:pypi/pycti@6.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m7xr-bwh3-wkg1" }, { "vulnerability": "VCID-nqfe-un38-ufgb" }, { "vulnerability": "VCID-vb19-z3p4-9yc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/48817?format=api", "purl": "pkg:pypi/pycti@6.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" }, { "vulnerability": "VCID-vb19-z3p4-9yc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50021?format=api", "purl": "pkg:pypi/pycti@6.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" }, { "vulnerability": "VCID-vb19-z3p4-9yc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50022?format=api", "purl": "pkg:pypi/pycti@6.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" }, { "vulnerability": "VCID-vb19-z3p4-9yc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/50023?format=api", "purl": "pkg:pypi/pycti@6.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" }, { "vulnerability": "VCID-vb19-z3p4-9yc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/50024?format=api", "purl": "pkg:pypi/pycti@6.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" }, { "vulnerability": "VCID-vb19-z3p4-9yc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/50025?format=api", "purl": "pkg:pypi/pycti@6.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" }, { "vulnerability": "VCID-vb19-z3p4-9yc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/50026?format=api", "purl": "pkg:pypi/pycti@6.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/50027?format=api", "purl": "pkg:pypi/pycti@6.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/50028?format=api", "purl": "pkg:pypi/pycti@6.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/50029?format=api", "purl": "pkg:pypi/pycti@6.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/50030?format=api", "purl": "pkg:pypi/pycti@6.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/50031?format=api", "purl": "pkg:pypi/pycti@6.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nqfe-un38-ufgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pycti@6.9.12" } ], "references": [ { "reference_url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-6vvv-vmfr-xhrx", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-6vvv-vmfr-xhrx" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.8 - 9.8", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqfe-un38-ufgb" }