CVE Reports

Originally published at cvereports.com

CVE-2024-37155: Security Bypass in OpenCTI GraphQL Introspection via Whitespace and Control Character Manipulation

Vulnerability ID: CVE-2024-37155
CVSS Score: 6.5
Published: 2026-06-22

OpenCTI versions prior to 6.1.9 fail to properly restrict GraphQL schema introspection queries due to a weak pattern-matching implementation. An unauthenticated attacker can bypass the introspection block list by stripping whitespace and carriage returns, enabling complete reconnaissance of the GraphQL schema.

TL;DR

A flaw in OpenCTI's custom validation plugin allows unauthenticated attackers to bypass GraphQL schema introspection restrictions by altering whitespace and control characters in the query, exposing the full database schema.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-284
  • Attack Vector: Network
  • CVSS v3.1 Score: 6.5
  • EPSS Score: 0.00442
  • Impact: Partial Confidentiality, Partial Availability
  • Exploit Status: poc
  • KEV Status: Not Listed

Affected Systems

  • OpenCTI Platform (backend GraphQL service)
  • opencti: < 6.1.9 (Fixed in: 6.1.9)

Code Analysis

Commit: f87d969

[backend] Improve control of graphql schema introspection

Mitigation Strategies

  • Upgrade OpenCTI instance to version 6.1.9 or newer.
  • Disable the GraphQL Playground utility by ensuring PLAYGROUND_ENABLED is set to false in the configuration file.
  • Deploy WAF rules to inspect and drop incoming unauthenticated GraphQL payloads containing __schema or __type keywords.

Remediation Steps:

  1. Locate the OpenCTI configuration file (typically conf/conf.json or environment variables).
  2. Update the container image or application source files to pull version 6.1.9.
  3. Verify that standard introspection is disabled by running a curl test with the payload containing no whitespace.
  4. Ensure production deployments utilize AST-based parsing validations to prevent similar syntax-level bypasses.
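To illustrate step 4 and the WAF bullet above, here is an added example (not OpenCTI's code and not the fix from commit f87d969) that decides on GraphQL Name tokens instead of raw text, so whitespace, carriage returns, comments and string contents cannot change the result. The weak check `naiveBlocks`, the function names and the sample queries are all constructed for illustration; the page does not show the real pattern.

```javascript
const INTROSPECTION_FIELDS = new Set(['__schema', '__type']);
const NAME = /[_A-Za-z][_0-9A-Za-z]*/y; // GraphQL Name token, sticky match

// Hypothetical weak check: literal text match that assumes exactly one space.
function naiveBlocks(query) {
  return query.includes('__schema {');
}

// Collect Name tokens as a GraphQL lexer sees them: whitespace, CR/LF, commas
// and BOM are ignored; comments and string contents are skipped entirely.
function nameTokens(query) {
  const names = [];
  let i = 0;
  while (i < query.length) {
    if (query[i] === '#') {                       // comment runs to end of line
      while (i < query.length && query[i] !== '\n' && query[i] !== '\r') i++;
    } else if (query.startsWith('"""', i)) {      // block string
      i += 3;
      while (i < query.length && !query.startsWith('"""', i)) i += query.startsWith('\\"""', i) ? 4 : 1;
      i += 3;
    } else if (query[i] === '"') {                // ordinary string
      i++;
      while (i < query.length && query[i] !== '"' && query[i] !== '\n') i += query[i] === '\\' ? 2 : 1;
      i++;
    } else {
      NAME.lastIndex = i;
      const m = NAME.exec(query);
      if (m) { names.push(m[0]); i = NAME.lastIndex; } else { i++; }
    }
  }
  return names;
}

// Token-level decision: exact Name match, so `__typename` is still allowed.
function requestsIntrospection(query) {
  return nameTokens(query).some((n) => INTROSPECTION_FIELDS.has(n));
}

// Constructed sample queries.
const SAMPLES = {
  spaced: 'query { __schema { types { name } } }',
  compact: '{__schema{types{name}}}',
  carriageReturn: '{ __schema\r{ types { name } } }',
  typename: '{ me { __typename name } }',
  inString: '{ search(text: "__schema { x }") { id } }',
};
for (const [k, q] of Object.entries(SAMPLES)) console.log(k, naiveBlocks(q), requestsIntrospection(q));
```

The text match misses the compact and carriage-return forms and also flags the harmless string literal, while the token check classifies all five samples correctly. In production, use the server's own GraphQL parser on the request so the validation sees exactly what the executor will run.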

Read the full report for CVE-2024-37155 on our website for more details including interactive diagrams and full exploit analysis.