Description
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3.
Published: 2026-05-12
Score: 2.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Flowsint is an open‑source OSINT graph exploration tool used for cybersecurity investigations. The vulnerability is a broken access control flaw that permits any user with knowledge of an investigation ID to modify the metadata of an investigation belonging to another user. This misuse of the metadata layer can compromise the integrity of investigative records.

Affected Systems

Affected deployments are those running reconurge Flowsint versions older than 1.2.3. The flaw exists in the pre‑1.2.3 code base and does not impact the latest version, which incorporates a patch that binds metadata updates to the owning user and verifies proper authorization.
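
The ownership binding described above, shown next to the unscoped lookup it replaces. This is an added example, not Flowsint's code: the `Investigation` model, `InvestigationStore`, both method names and the user names are hypothetical, and the sample data is constructed.

```python
import uuid
from dataclasses import dataclass, field

class NotFound(Exception):
    """Same error for missing and foreign IDs, so IDs cannot be probed."""

@dataclass
class Investigation:  # hypothetical model, not Flowsint's schema
    id: str
    owner_id: str
    metadata: dict = field(default_factory=dict)

class InvestigationStore:
    def __init__(self):
        self._rows = {}

    def create(self, owner_id, **metadata):
        inv = Investigation(str(uuid.uuid4()), owner_id, dict(metadata))
        self._rows[inv.id] = inv
        return inv

    def update_metadata_unscoped(self, investigation_id, changes):
        # Flaw class: lookup by ID alone; the caller is never consulted.
        inv = self._rows.get(investigation_id)
        if inv is None:
            raise NotFound(investigation_id)
        inv.metadata.update(changes)
        return inv

    def update_metadata_scoped(self, caller_id, investigation_id, changes):
        # Hardened: ownership is checked before any write happens.
        inv = self._rows.get(investigation_id)
        if inv is None or inv.owner_id != caller_id:
            raise NotFound(investigation_id)
        inv.metadata.update(changes)
        return inv

def demo():
    store = InvestigationStore()
    inv = store.create("alice", name="case-1")  # constructed sample data
    store.update_metadata_unscoped(inv.id, {"name": "tampered"})
    unscoped_result = inv.metadata["name"]
    try:
        store.update_metadata_scoped("bob", inv.id, {"name": "tampered-again"})
        blocked = False
    except NotFound:
        blocked = True
    store.update_metadata_scoped("alice", inv.id, {"name": "case-1"})
    return unscoped_result, blocked, inv.metadata["name"]
```

In a database-backed service the same check is usually expressed by adding the owner to the query filter, so that a row owned by someone else is never loaded at all.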

Risk and Exploitability

The CVSS score is 2.3, indicating low severity, and the vulnerability is not listed in the CISA KEV catalog. There is no EPSS score available, so the likelihood of exploitation is uncertain. The attack requires knowledge of a valid investigation ID. While the flaw does not lead to code execution, it still permits data tampering that could be harmful to users relying on the accuracy of investigation metadata.

Generated by OpenCVE AI on May 13, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowsint to version 1.2.3 or later
  • Limit or tightly control the disclosure of investigation IDs so that only authorized users can see them
  • Audit existing investigation metadata for integrity and investigate any anomalies


Advisories

No advisories yet.

History

Wed, 13 May 2026 00:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Reconurge; Reconurge flowsint
Vendors & Products | | Reconurge; Reconurge flowsint

Tue, 12 May 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3.
Title | | Flowsint: Broken Access Control allows modification of investigation metadata from any user
Weaknesses | | CWE-284
References | |
Metrics | | cvssV4_0: {'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T23:01:23.174Z

Reserved: 2026-04-24T17:15:21.835Z

Link: CVE-2026-42158

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-12T23:16:17.470

Modified: 2026-05-12T23:16:17.470

Link: CVE-2026-42158

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T02:00:11Z

Weaknesses