CVE-2026-42156: Cypher Injection in Flowsint
Platform
javascript
Component
flowsint
Fixed in
1.2.3
CVE-2026-42156 affects Flowsint, an open-source OSINT graph exploration tool, allowing a remote attacker to inject malicious Cypher queries. This can lead to unauthorized access and manipulation of data within the Flowsint graph database. The vulnerability impacts versions 1.0.0 through 1.2.2 and is resolved in version 1.2.3.
Impact and Attack Scenarios
Successful exploitation of CVE-2026-42156 allows an attacker to craft a malicious node type within Flowsint. This crafted node, when processed, can escape the intended Cypher query and execute arbitrary Cypher commands. The potential impact is significant, ranging from data exfiltration of sensitive OSINT data to complete compromise of the underlying graph database. An attacker could potentially modify or delete data, gain unauthorized access to connected systems, or even execute commands on the server hosting Flowsint, depending on the database permissions. The blast radius extends to any systems or data accessible through the Flowsint graph.
Exploitation Context
CVE-2026-42156 was published on 2026-05-12. Currently, there are no publicly known proof-of-concept exploits. The EPSS score is pending evaluation. It is not listed on KEV. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Affected Software
Weakness Classification (CWE)
Timeline
- Published
Mitigation and Workarounds
The primary mitigation for CVE-2026-42156 is to upgrade Flowsint to version 1.2.3 or later, which contains the fix for this Cypher injection vulnerability. If upgrading immediately is not feasible, consider implementing input validation on any user-supplied data used to create nodes within Flowsint. This can help prevent the creation of malicious node types. While a WAF or proxy cannot directly prevent this vulnerability, it can be configured to monitor for unusual Cypher query patterns that might indicate exploitation. Regularly review Flowsint's configuration and ensure that database access permissions are appropriately restricted. After upgrading, verify the fix by attempting to create a node with a potentially malicious type and confirming that the Cypher query remains unchanged.
How to fix
Actualice Flowsint a la versión 1.2.3 o posterior para mitigar la vulnerabilidad de inyección de consultas Cypher. Esta actualización corrige el problema al validar correctamente los tipos de nodos durante la creación, evitando la ejecución de consultas Cypher maliciosas.
Frequently asked questions
What is CVE-2026-42156 — Cypher Injection in Flowsint?
CVE-2026-42156 is a vulnerability in Flowsint versions 1.0.0 through 1.2.2 that allows a remote attacker to inject malicious Cypher queries, potentially leading to data compromise. Severity is pending evaluation.
Am I affected by CVE-2026-42156 in Flowsint?
You are affected if you are running Flowsint versions 1.0.0 through 1.2.2. Upgrade to version 1.2.3 or later to mitigate the risk.
How do I fix CVE-2026-42156 in Flowsint?
The recommended fix is to upgrade Flowsint to version 1.2.3 or later. Input validation on user-supplied data can provide an interim mitigation.
Is CVE-2026-42156 being actively exploited?
As of the current date, there are no publicly known active exploitation campaigns for CVE-2026-42156.
Where can I find the official Flowsint advisory for CVE-2026-42156?
Refer to the Flowsint project's official website and GitHub repository for the latest security advisories and updates related to CVE-2026-42156.
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Try it now — no account
Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.
Drag & drop your dependency file
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...