CVE

CVE-2026-21887

OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

CVE

CVE-2026-21887

OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). This allows attackers to craft requests to arbitrary endpoints, including internal services, because Axios will accept and process absolute URLs. This results in a semi-blind SSRF, as responses may not be fully visible but can still impact internal systems. This vulnerability is fixed in 6.8.16.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.7

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/21xxx/CVE-2026-21887.json, https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-ffm6-vvph-g5f5, https://nvd.nist.gov/vuln/detail/CVE-2026-21887

Severity

7.7

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.7

EPSS Probability

0.00044%

EPSS Percentile

0.13625%

Introduced Version

Fix Available

177a74ff8807327134c793af8784a96dd4182fbd

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-21887

CVE-2026-21887

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.7

Basic Information

Fix Critical Vulnerabilities Instantly