{"id":"PYSEC-2026-167","details":"OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.","aliases":["CVE-2026-44730","GHSA-q537-qhj4-wcjx"],"modified":"2026-05-28T12:00:04.639869461Z","published":"2026-05-26T18:16:51.023Z","references":[{"type":"ADVISORY","url":"https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-q537-qhj4-wcjx"}],"affected":[{"package":{"name":"pycti","ecosystem":"PyPI","purl":"pkg:pypi/pycti"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.7"}]}],"versions":["1.2.1","1.2.11","1.2.12","1.2.13","1.2.14","1.2.15","1.2.2","1.2.4","1.2.9","2.0.0","2.0.1","2.0.2","2.0.3","2.1.10","2.1.11","2.1.12","2.1.13","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9","3.0.0","3.0.1","3.0.2","3.0.3","3.1.0","3.1.1","3.1.2","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.3.0","3.3.1","3.3.2","3.3.3","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.1.0","4.1.1","4.1.2","4.2.1","4.2.2","4.2.3","4.2.4","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.4.0","4.4.1","4.4.2","4.4.3","4.5.0","4.5.1","4.5.2","4.5.3","4.5.4","4.5.5","5.0.0","5.0.1","5.0.2","5.0.3","5.1.0","5.1.1","5.1.2","5.1.3","5.1.4","5.10.0","5.10.1","5.10.2","5.10.3","5.11.0","5.11.1","5.11.10","5.11.11","5.11.12","5.11.13","5.11.14","5.11.2","5.11.3","5.11.4","5.11.5","5.11.6","5.11.7","5.11.8","5.11.9","5.12.0","5.12.1","5.12.10","5.12.11","5.12.12","5.12.13","5.12.14","5.12.15","5.12.16","5.12.17","5.12.18","5.12.19","5.12.2","5.12.20","5.12.21","5.12.22","5.12.23","5.12.24","5.12.25","5.12.26","5.12.27","5.12.28","5.12.29","5.12.3","5.12.30","5.12.31","5.12.32","5.12.33","5.12.4","5.12.5","5.12.6","5.12.7","5.12.8","5.12.9","5.2.0","5.2.1","5.2.2","5.2.3","5.2.4","5.3.0","5.3.1","5.3.10","5.3.11","5.3.12","5.3.13","5.3.14","5.3.15","5.3.16","5.3.17","5.3.2","5.3.3","5.3.4","5.3.5","5.3.6","5.3.7","5.3.8","5.3.9","5.3.post5310","5.3.post5311","5.3.post5312","5.3.post5314","5.3.post5315","5.3.post5316","5.3.post5317","5.3.post5318","5.4.0","5.4.1","5.5.0","5.5.1","5.5.2","5.5.3","5.5.4","5.5.5","5.5.6","5.5.post551","5.5.post552","5.5.post553","5.5.post554","5.5.post555","5.5.post556","5.6.0","5.6.1","5.6.2","5.6.post560","5.6.post561","5.6.post562","5.7.0","5.7.1","5.7.2","5.7.3","5.7.4","5.7.5","5.7.6","5.7.post570","5.7.post571","5.7.post572","5.7.post573","5.7.post574","5.7.post575","5.7.post576","5.8.0","5.8.1","5.8.2","5.8.3","5.8.4","5.8.5","5.8.6","5.8.7","5.9.0","5.9.1","5.9.2","5.9.3","5.9.4","5.9.5","5.9.6","6.0.0","6.0.1","6.0.10","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.0.7","6.0.8","6.0.9","6.1.0","6.1.1","6.1.10","6.1.11","6.1.12","6.1.13","6.1.2","6.1.3","6.1.4","6.1.5","6.1.6","6.1.7","6.1.8","6.1.9","6.2.0","6.2.1","6.2.10","6.2.11","6.2.12","6.2.13","6.2.14","6.2.15","6.2.16","6.2.17","6.2.18","6.2.19","6.2.2","6.2.3","6.2.4","6.2.5","6.2.6","6.2.7","6.2.8","6.2.9","6.3.0","6.3.1","6.3.10","6.3.11","6.3.12","6.3.13","6.3.14","6.3.2","6.3.3","6.3.4","6.3.5","6.3.6","6.3.7","6.3.8","6.3.9","6.4.0","6.4.1","6.4.10","6.4.11","6.4.2","6.4.3","6.4.4","6.4.5","6.4.6","6.4.7","6.4.8","6.4.9","6.5.0","6.5.1","6.5.10","6.5.11","6.5.2","6.5.3","6.5.4","6.5.5","6.5.6","6.5.7","6.5.8","6.5.9","6.6.0","6.6.1","6.6.10","6.6.11","6.6.12","6.6.13","6.6.14","6.6.15","6.6.16","6.6.17","6.6.18","6.6.2","6.6.3","6.6.4","6.6.5","6.6.6","6.6.7","6.6.8","6.6.9","6.7.0","6.7.1","6.7.10","6.7.11","6.7.12","6.7.13","6.7.14","6.7.15","6.7.16","6.7.17","6.7.18","6.7.19","6.7.2","6.7.20","6.7.3","6.7.4","6.7.5","6.7.6","6.7.7","6.7.8","6.7.9","6.8.0","6.8.1","6.8.10","6.8.11","6.8.12","6.8.13","6.8.14","6.8.15","6.8.16","6.8.17","6.8.2","6.8.3","6.8.4","6.8.5","6.8.6","6.8.7","6.8.8","6.8.9","6.9.0","6.9.1","6.9.2","6.9.3","6.9.4","6.9.5","6.9.6"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2026-167.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}