CVE-2026-42156

EUVD-2026-29873
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher query. This vulnerability is fixed in 1.2.3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Common Weakness Enumeration
References
https://github.com/reconurge/flowsint/security/advisories/GHSA-h5m2-c2c5-968p
https://github.com/reconurge/flowsint/security/advisories/GHSA-h5m2-c2c5-968p