CVE-2026-39980

Published April 9, 2026 · Updated April 10, 2026

9.1CVSS

critical

What This Means

CVE-2026-39980 is a critical vulnerability in OpenCTI versions prior to 6.9.5, where improper sanitization of EJS templates in the safeEjs.ts file allows users with the Manage customization capability to execute arbitrary JavaScript. This can lead to remote code execution within the OpenCTI platform, compromising the integrity and security of the system. To mitigate this risk, upgrade to OpenCTI version 6.9.5 or later immediately.

Official Description+

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform process during notifier template execution. This vulnerability is fixed in 6.9.5.

Recommended Actions

Check if your systems use any of the affected products listed above.
Apply vendor patches immediately if available.
Monitor vendor advisories for updates and additional mitigations.
Review logs for indicators of compromise related to CVE-2026-39980.

Related Coverage

Vvulnerability

🚨 Critical RCE Vulnerability Discovered in OpenCTI: CVE-2026-39980

CVE-2026-39980 is a critical vulnerability in OpenCTI pre-6.9.5. Improper sanitization allows RCE via EJS templates. Upgrade to version 6.9.5 to mitigate.

NVD·1h ago·3 min read