PatchSiren

reconurge CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM reconurge CVE published 2026-05-14

CVE-2026-42159

CVE-2026-42159 affects Flowsint prior to 1.2.3. According to the NVD record and the linked GitHub advisory, a remote attacker can create a node with a malicious description containing arbitrary HTML. When another user selects that node, the HTML is rendered and may trigger stored cross-site scripting. The issue is rated medium severity (CVSS 5.3) and is fixed in Flowsint 1.2.3.

MEDIUM reconurge CVE published 2026-05-12

CVE-2026-42157

CVE-2026-42157 is a stored cross-site scripting issue in Flowsint, an open-source OSINT graph exploration tool. A remote attacker can create a map node with a malicious label containing arbitrary HTML. When a user opens the map tab and selects the node marker, the application renders that HTML, which can trigger stored XSS. The issue is fixed in Flowsint 1.2.3.

CRITICAL reconurge CVE published 2026-04-20

CVE-2026-32311

CVE-2026-32311 is a critical remote code execution flaw in Flowsint’s sketch/transform workflow. According to the vendor advisory and NVD record, an attacker who can create a sketch may trigger the org_to_asn transform on an organization node and cause arbitrary OS command execution as root, with a reported container-escape path to the host. The linked commit b52cbbb904c8013b74308d58af88bc7dbb1b055c remov [truncated]