CVE-2026-44352: Broken Access Control in Flowsint Sketch Logs
Platform: javascript
Component: flowsint
Fixed in: 1.2.3
CVE-2026-44352 affects Flowsint, an open-source OSINT graph exploration tool. Prior to version 1.2.3, a broken access control mechanism allows any user to read sketch logs, regardless of their permissions. This poses a potential privacy and security risk. The vulnerability has been addressed in version 1.2.3.
Impact and Attack Scenarios
Successful exploitation of CVE-2026-44352 allows unauthorized users to access sketch logs within Flowsint. These logs may contain sensitive information related to OSINT investigations, including user activity, data sources, and analysis results. An attacker could use this information to gain insights into an organization's security posture, identify potential targets, or even compromise user accounts. The blast radius extends to any user who relies on the confidentiality of their sketch logs.
Exploitation Context
CVE-2026-44352 was published on 2026-05-12. Exploitation probability is currently unknown. Public proof-of-concept (POC) code is not yet available. The vulnerability is not listed on KEV or EPSS. Severity is pending evaluation.
Mitigation and Workarounds
The primary mitigation for CVE-2026-44352 is to upgrade Flowsint to version 1.2.3 or later. Until upgraded, implement strict access controls to restrict access to sketch logs based on user roles and permissions. Regularly review and audit user access rights to ensure that only authorized personnel can access sensitive data. There are no specific WAF rules or detection signatures readily available, so focus on patching and access control configuration. After upgrading, confirm the fix by attempting to access sketch logs with a user account that should not have access.
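The negative test described above, as an added example that is not Flowsint's code and not taken from the advisory: a hypothetical in-memory model of a log-read handler without and with a per-sketch permission check. All function names, roles, ids and log lines are assumptions constructed for illustration.

```javascript
// Added illustration: a hypothetical in-memory model, NOT Flowsint's code.
// Sketch ids, user ids, roles and log lines below are constructed sample data.
const sketches = new Map([
  ["sketch-1", { owner: "alice", members: { bob: "viewer" } }],
]);
const sketchLogs = new Map([
  ["sketch-1", ["enricher started", "enricher finished: 12 nodes added"]],
]);

// Models the behaviour the advisory describes: the caller is authenticated,
// but nothing ties the caller to the requested sketch.
function readLogsVulnerable(user, sketchId) {
  if (!user) return { status: 401, body: null };
  if (!sketchLogs.has(sketchId)) return { status: 404, body: null };
  return { status: 200, body: sketchLogs.get(sketchId) };
}

// Hardened pattern: resolve the caller's role on this sketch before any read.
const ROLES_ALLOWED_TO_READ_LOGS = new Set(["owner", "editor", "viewer"]);

function roleOn(user, sketch) {
  if (sketch.owner === user.id) return "owner";
  const isMember = Object.prototype.hasOwnProperty.call(sketch.members, user.id);
  return isMember ? sketch.members[user.id] : null;
}

function readLogsHardened(user, sketchId) {
  if (!user) return { status: 401, body: null };
  const sketch = sketches.get(sketchId);
  // Same 404 for "missing" and "no rights", so the response does not
  // reveal which sketch ids exist.
  if (!sketch || !ROLES_ALLOWED_TO_READ_LOGS.has(roleOn(user, sketch))) {
    return { status: 404, body: null };
  }
  return { status: 200, body: sketchLogs.get(sketchId) ?? [] };
}

// Negative test from the mitigation text: an account with no rights on the
// sketch must not receive its logs. Returns true when the handler denies.
function deniesOutsider(handler) {
  const outsider = { id: "mallory" };
  const res = handler(outsider, "sketch-1");
  return res.status !== 200 && res.body === null;
}
```

Against a real deployment, the same check is a request for a sketch's logs made with an account that has no role on that sketch, which must be refused after the upgrade to 1.2.3.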
How to Fix
Upgrade Flowsint to version 1.2.3 or later to mitigate the broken access control vulnerability. This update fixes the issue that allowed any user to read sketch logs.
Frequently Asked Questions
What is CVE-2026-44352 in Flowsint?
It's a broken access control vulnerability in Flowsint, allowing unauthorized access to sketch logs.
Am I affected by CVE-2026-44352 in Flowsint?
You are affected if you are using Flowsint versions 1.0.0 through 1.2.2.
How do I fix CVE-2026-44352 in Flowsint?
Upgrade to Flowsint version 1.2.3 or later to resolve the vulnerability.
Is CVE-2026-44352 being actively exploited?
There are currently no reports of active exploitation, but vigilance is advised.
Where can I find the official Flowsint advisory for CVE-2026-44352?
Refer to the official Flowsint project documentation and security advisories for further information.