PYSEC-2026-167

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2026-167.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-167
Aliases
Published
2026-05-26T18:16:51.023Z
Modified
2026-05-28T12:00:04.639869461Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.

References

Affected packages

PyPI / pycti

Package

Name
pycti
View open source insights on deps.dev
Purl
pkg:pypi/pycti

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.9.7

Affected versions

1.*
1.2.1
1.2.2
1.2.4
1.2.9
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.1.2
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.3.0
3.3.1
3.3.2
3.3.3
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.1.0
4.1.1
4.1.2
4.2.1
4.2.2
4.2.3
4.2.4
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.3.0
5.3.post5310
5.3.post5311
5.3.post5312
5.3.post5314
5.3.post5315
5.3.post5316
5.3.post5317
5.3.post5318
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.3.10
5.3.11
5.3.12
5.3.13
5.3.14
5.3.15
5.3.16
5.3.17
5.4.0
5.4.1
5.5.0
5.5.post551
5.5.post552
5.5.post553
5.5.post554
5.5.post555
5.5.post556
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.6.0
5.6.post560
5.6.post561
5.6.post562
5.6.1
5.6.2
5.7.0
5.7.post570
5.7.post571
5.7.post572
5.7.post573
5.7.post574
5.7.post575
5.7.post576
5.7.1
5.7.2
5.7.3
5.7.4
5.7.5
5.7.6
5.8.0
5.8.1
5.8.2
5.8.3
5.8.4
5.8.5
5.8.6
5.8.7
5.9.0
5.9.1
5.9.2
5.9.3
5.9.4
5.9.5
5.9.6
5.10.0
5.10.1
5.10.2
5.10.3
5.11.0
5.11.1
5.11.2
5.11.3
5.11.4
5.11.5
5.11.6
5.11.7
5.11.8
5.11.9
5.11.10
5.11.11
5.11.12
5.11.13
5.11.14
5.12.0
5.12.1
5.12.2
5.12.3
5.12.4
5.12.5
5.12.6
5.12.7
5.12.8
5.12.9
5.12.10
5.12.11
5.12.12
5.12.13
5.12.14
5.12.15
5.12.16
5.12.17
5.12.18
5.12.19
5.12.20
5.12.21
5.12.22
5.12.23
5.12.24
5.12.25
5.12.26
5.12.27
5.12.28
5.12.29
5.12.30
5.12.31
5.12.32
5.12.33
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
6.1.9
6.1.10
6.1.11
6.1.12
6.1.13
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.10
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.2.16
6.2.17
6.2.18
6.2.19
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.3.7
6.3.8
6.3.9
6.3.10
6.3.11
6.3.12
6.3.13
6.3.14
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
6.4.9
6.4.10
6.4.11
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.5.5
6.5.6
6.5.7
6.5.8
6.5.9
6.5.10
6.5.11
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6
6.6.7
6.6.8
6.6.9
6.6.10
6.6.11
6.6.12
6.6.13
6.6.14
6.6.15
6.6.16
6.6.17
6.6.18
6.7.0
6.7.1
6.7.2
6.7.3
6.7.4
6.7.5
6.7.6
6.7.7
6.7.8
6.7.9
6.7.10
6.7.11
6.7.12
6.7.13
6.7.14
6.7.15
6.7.16
6.7.17
6.7.18
6.7.19
6.7.20
6.8.0
6.8.1
6.8.2
6.8.3
6.8.4
6.8.5
6.8.6
6.8.7
6.8.8
6.8.9
6.8.10
6.8.11
6.8.12
6.8.13
6.8.14
6.8.15
6.8.16
6.8.17
6.9.0
6.9.1
6.9.2
6.9.3
6.9.4
6.9.5
6.9.6

Database specific

source 
"https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2026-167.yaml"