CyberSec.Space Logo
Back to CVE Browser

CVE-2020-37041

HIGH
7.5
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile3.02th
PublishedJan 30, 2026
Last ModifiedFeb 13, 2026

Vulnerability Description

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.

Affected Platforms (CPE)

πŸ“¦
Citeum

Opencti

= 3.3.1

References & Advisories

πŸ”— https://github.com/OpenCTI-Platform/opencti
πŸ”— https://www.exploit-db.com/exploits/48595
πŸ”— https://www.opencti.io/
πŸ”— https://www.vulncheck.com/advisories/opencti-directory-traversal

Related Vulnerabilities

CVE-2020-370445.4

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arb...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...