Stored XSS Vulnerability in Flowsint OSINT Graph Exploration Tool
CVE-2026-42159

5.3MEDIUM

Key Information:

Vendor: Reconurge
Status: Flowsint
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-42159?

The Flowsint OSINT graph exploration tool is susceptible to a stored cross-site scripting (XSS) vulnerability. This flaw allows a remote attacker to craft a node containing malicious HTML in the investigation sketches, which could be rendered when users interact with that node. If exploited, this could lead to arbitrary script execution in the context of the user's session. It is essential for users to update to version 1.2.3 or later to mitigate this risk.

Affected Version(s)

flowsint < 1.2.3

References

https://github.com/reconurge/flowsint/security/advisories...

x_refsource_CONFIRM

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Apr 24, 2026

CVE-2026-42159 Data

JSON

Reconurge

What is CVE-2026-42159?

Affected Version(s)

References

CVSS V4

Timeline