Data Manipulation Vulnerability in Flowsint OSINT Graph Exploration Tool by Reconurge
CVE-2026-42158

2.3LOW

Key Information:

Vendor: Reconurge
Status: Flowsint
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-42158?

Flowsint, an open-source OSINT graph exploration tool by Reconurge, is susceptible to a data manipulation issue. Prior to version 1.2.3, an attacker with knowledge of a specific investigation ID could alter the metadata associated with another user's investigation. This security flaw poses a risk of unauthorized modification of sensitive data, undermining the integrity and confidentiality of ongoing investigations. The vulnerability has been addressed in version 1.2.3, which mitigates this potential exploit.

Affected Version(s)

flowsint < 1.2.3

References

https://github.com/reconurge/flowsint/security/advisories...

x_refsource_CONFIRM

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 24, 2026

CVE-2026-42158 Data

JSON