MEDIUM 6.1

PYSEC-2026-115

Details

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--></style></scRipt><scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pycti

Introduced in: 0

No fixed version published yet for pycti (pip). Pin to a known-safe version or switch to an alternative.

References

https://www.opencti.io/ [WEB]
https://www.vulncheck.com/advisories/opencti-cross-site-scripting [ADVISORY]
https://github.com/OpenCTI-Platform/opencti [PACKAGE]
https://www.exploit-db.com/exploits/48595 [EVIDENCE]