CVE-2026-35212 – OpenCTI has XSS in the rendering of email-message observable body data

CVE ID :CVE-2026-35212

Published : June 2, 2026, 10:16 p.m. | 16 minutes ago

Description :OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn’t appropriately sanitized when being rendered. Does require user interaction but could be exploited by someone sharing stix or any of the ingester. This could lead to CSRF and then large scale session theft. Version 7.260227.0 contains a fix.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9732 – EmergencyWP

CVE-2026-7421 – Passeum Ticketing

CVE-2026-10692 – johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos

CVE-2026-10691 – wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos