CVE-2025-46732
OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation` mutations of OpenCTI allows an authenticated user to change the read status of a notification or delete a notification of another user in case he has knowledge of the UUID of the notification. When changing the read status of a notification, the user also receives the content of the notification they changed the read status of. Authenticated Users in OpenCTI can read, modify and delete notification of other users if they know the UUID of the notification. Version 6.6.6 fixes the issue.
Reserved 2025-04-28 | Published 2025-07-18 | Updated 2025-07-18 | Assigner GitHub_MCWE-285: Improper Authorization
github.com/...pencti/security/advisories/GHSA-535g-qp2c-h7vp
Support options
