Vulnerability Description
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher query. This vulnerability is fixed in 1.2.3.
Related Weaknesses (CWE)
References
- https://github.com/reconurge/flowsint/security/advisories/GHSA-h5m2-c2c5-968p
- https://github.com/reconurge/flowsint/security/advisories/GHSA-h5m2-c2c5-968p
FAQ
What is CVE-2026-42156?
CVE-2026-42156 is a documented vulnerability. Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious t...
How severe is CVE-2026-42156?
CVSS scoring is not yet available for CVE-2026-42156. Check NVD for updates.
Is there a patch for CVE-2026-42156?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.