CVE-2026-35211 OpenCTI: Elasticsearch Painless Script Injection via GraphQL `script` filter operator allows authenticated user to exfiltrate data and cause DoS
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...