Vulnerability Description
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are composed of nodes and relationships. These nodes and relationships hold the sketch's information on an OSINT target (usernames, websites, etc.). A remote attacker can create a node with a malicious description that contains arbitrary HTML. When the node is selected, the application renders that HTML, potentially triggering stored XSS. This vulnerability is fixed in 1.2.3.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flowsint | Flowsint | < 1.2.3 |
References
- https://github.com/reconurge/flowsint/security/advisories/GHSA-w233-5mmx-cr7x (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-42159?
CVE-2026-42159 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which...
How severe is CVE-2026-42159?
CVE-2026-42159 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-42159?
Check the references section above for vendor advisories and patch information. Affected products include: Flowsint Flowsint.