CVE-2026-27960
CVSS 9.8
Daily digests
OpenCTI versions 6.6.0 through 6.9.12 have a privilege escalation bug that lets an unauthenticated attacker query the API as any existing user, including the default admin account. No credentials needed. If your OpenCTI instance is reachable, an attacker gets full admin access to your threat intelligence platform.