CVE-2026-42158
LOW
Flowsint: Broken Access Control allows modification of investigation metadata from any user
Title source: cnaDescription
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID could update the metadata of another user's investigation. This vulnerability is fixed in 1.2.3.
References (1)
x_refsource_confirm
https://github.com/reconurge/flowsint/security/advisories/GHSA-5h6v-5hv3-3jjw
Scores
CVSS v4
2.3
EPSS
0.0017
EPSS Percentile
6.6%
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
reconurge/flowsint
< 1.2.3
Published
May 12, 2026
Tracked Since
May 13, 2026