Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/pycti@6.9.12
purl pkg:pypi/pycti@6.9.12
Next non-vulnerable version 6.9.13
Latest non-vulnerable version 6.9.13
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-nqfe-un38-ufgb
Aliases:
CVE-2026-27960
GHSA-6vvv-vmfr-xhrx
PYSEC-2026-119
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin account. This issue has been fixed in version 6.9.13. As a workaround, the default admin can be disabled using the `APP__ADMIN__EXTERNALLY_MANAGED` configuration.
6.9.13
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:24:58.177841+00:00 Pypa Importer Affected by VCID-nqfe-un38-ufgb https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2026-119.yaml 38.6.0