Cyber Posture

CVE-2020-37041

HighPublic PoC

Published: 30 January 2026

Published
30 January 2026
Modified
13 February 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0039 60.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37041 is a high-severity Path Traversal (CWE-22) vulnerability in Citeum Opencti. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 40.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation
addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

NVD Description

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting…

more

/static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.

Deeper analysisAI

CVE-2020-37041 is a directory traversal vulnerability in OpenCTI version 3.3.1, specifically affecting the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests containing path traversal sequences such as '../' in the URL. For example, a request to /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. The vulnerability, discovered by Raif Berkay Dincel, was confirmed on Linux Mint and Windows 10, with a CVSS score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and mapped to CWE-22.

An unauthenticated attacker can exploit this vulnerability remotely with low attack complexity, no privileges, and no user interaction required. Successful exploitation grants high confidentiality impact by allowing access to sensitive files on the server, such as configuration files or password lists, while causing no integrity or availability disruption.

Advisories and related resources, including the OpenCTI GitHub repository (https://github.com/OpenCTI-Platform/opencti), an Exploit-DB entry (https://www.exploit-db.com/exploits/48595), the OpenCTI website (https://www.opencti.io/), and a Vulncheck advisory (https://www.vulncheck.com/advisories/opencti-directory-traversal), provide further details on patches and mitigation.

Details

CWE(s)
CWE-22

Affected Products

citeum
opencti
3.3.1

CVEs Like This One

CVE-2026-39980Same product: Citeum Opencti
CVE-2026-21887Same product: Citeum Opencti
CVE-2025-61781Same product: Citeum Opencti
CVE-2026-21886Same product: Citeum Opencti
CVE-2026-23536Shared CWE-22
CVE-2025-23422Shared CWE-22
CVE-2024-48885Shared CWE-22
CVE-2024-12849Shared CWE-22
CVE-2026-33656Shared CWE-22
CVE-2025-8343Shared CWE-22

References