CVE-2026-24467 -- CVSS 9.0 Vulnerability Briefing

CVE-2026-24467 | CVSS 9.0 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-24467 is a critical-severity vulnerability in Filigran's OpenAEV platform, an open source adversary simulation and campaign management tool. It affects versions from 1.0.0 up to, but not including, 2.0.13.

Technical Detail

The vulnerability exists in OpenAEV's core platform code. It was introduced in version 1.0.0 and remained unresolved until version 2.0.13. The full technical description is truncated in available data, so the precise flaw class, such as authentication bypass, remote code execution, or privilege escalation, has not been fully disclosed publicly at this time. Given the CVSS score of 9.0 and the nature of the platform as a cyber adversary simulation environment with likely privileged access to sensitive campaign data and infrastructure integrations, successful exploitation could carry significant organizational impact, including unauthorized access to red team operations, campaign data, or connected systems.

Exploitation Status

No known exploit exists for this vulnerability at this time. It is not listed in CISA's Known Exploited Vulnerabilities catalog. There is no public proof-of-concept code or evidence of active exploitation in the wild as of April 27, 2026.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this CVE in available intelligence data.

What To Do

Organizations running OpenAEV should upgrade to version 2.0.13 or later immediately, as this is the confirmed remediated release. Given the platform's role in adversary simulation operations and its likely access to sensitive security infrastructure, patching should be treated as high priority regardless of the current absence of known exploits. Until patching is complete, restrict network access to the OpenAEV instance to authorized personnel only and review access logs for anomalous activity. Monitor Filigran's official advisories and the NVD entry for updated technical details as the full vulnerability description becomes available.
