Arbitrary File Write Vulnerability in Tookie OSINT Tool by Alfredredbird
CVE-2026-42866

6.7 MEDIUM

Key Information:

Vendor
CVE Published: 11 May 2026

What is CVE-2026-42866?

The Tookie OSINT information gathering tool contains an arbitrary file write vulnerability in versions prior to 4.1fix. The issue arises from unsanitized user input: the tool opens output files using a user-supplied string derived from CLI arguments. A username that includes path-separating characters lets an attacker dictate the output file location, potentially causing the tool to write files to any directory where the invoking user has write permissions. This poses a significant risk, as it could lead to unauthorized data manipulation or overwriting of files.
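The input-handling flaw described above, shown beside a hardened form, as an added example that is not Tookie's own code. The function names, the `.txt` suffix, the allow-list of username characters and the sample usernames are assumptions made for illustration.

```python
import os
import re
from pathlib import Path

# Assumed allow-list for illustration: letters, digits, dot, underscore, hyphen.
_SAFE_USERNAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def unsafe_output_path(base_dir, username):
    """Pattern the advisory describes: the CLI string goes straight into the path."""
    return os.path.join(base_dir, username + ".txt")


def safe_output_path(base_dir, username):
    """Return the report path for username, guaranteed to sit directly in base_dir."""
    # 1. Reject anything that is not a plain file-name component. This rules out
    #    "/" and "\\" separators, empty input and the special names "." and "..".
    if not _SAFE_USERNAME.fullmatch(username) or username in {".", ".."}:
        raise ValueError(f"username not usable as a file name: {username!r}")
    base = Path(base_dir).resolve()
    candidate = (base / f"{username}.txt").resolve()
    # 2. Defence in depth: after resolving symlinks, the file must still be a
    #    direct child of the output directory.
    if candidate.parent != base:
        raise ValueError("resolved output path escapes the output directory")
    return candidate


def write_report(base_dir, username, text):
    """Write a report without overwriting anything that already exists."""
    path = safe_output_path(base_dir, username)
    # Mode "x" creates the file exclusively: it fails if the name is already
    # taken (including by a symlink) instead of truncating the existing target.
    with open(path, "x", encoding="utf-8") as fh:
        fh.write(text)
    return path
```

Exclusive creation is a design choice of this example; a tool that must re-run scans for the same username would need an explicit overwrite policy instead.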

Affected Version(s)

tookie-osint < 4.1fix

References

CVSS V4

Score: 6.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
