CVE-2026-42158

Flowsint: Broken Access Control allows modification of investigation metadata from any user

CVSS 2.3 LOWEPSS 0.2%CWE-284

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 2.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 mai 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3.

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

reconurge · flowsint

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/reconurge/flowsint/security/advisories/GHSA-5h6v-5hv3-3jjw