Which versions of Flowsint are affected by CVE-2026-32311?

Flowsint OSINT tool contains a critical remote code execution vulnerability (CVSS 9.3) that allows unauthenticated attackers to execute arbitrary commands as root on host systems through container…

Flowsint CVE-2026-32311

Q: What is the CVSS score of CVE-2026-32311?

CVE-2026-32311 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2026-23946 CRITICAL

OS Command Injection (CWE-78)

2026-04-20 GitHub_M

Docker Command Injection

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 21, 2026 - 15:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 21, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Apr 20, 2026 - 20:33 vuln.today

CVSS changed

Apr 20, 2026 - 20:22 NVD

9.3 (CRITICAL)

EUVD ID Assigned

Apr 20, 2026 - 20:00 euvd

EUVD-2026-23946

Analysis Generated

Apr 20, 2026 - 20:00 vuln.today

CVE Published

Apr 20, 2026 - 19:56 nvd

CRITICAL 9.3

DescriptionNVD

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and relationships. The sketches contain information on an OSINT target (usernames, websites, etc) within these nodes and relationships. The nodes can have automated processes execute on them called 'transformers'. A remote attacker can create a sketch, then trigger the 'org_to_asn' transform on an organization node to execute arbitrary OS commands as root on the host machine via shell metacharacters and a docker container escape. Commit b52cbbb904c8013b74308d58af88bc7dbb1b055c appears to remove the code that causes this issue.

AnalysisAI

Remote code execution with container escape in Flowsint OSINT tool allows unauthenticated attackers to execute arbitrary OS commands as root on the host machine. The vulnerability exploits shell metacharacter injection in the 'org_to_asn' transformer when processing organization nodes in OSINT sketches. …

RemediationAI

Within 24 hours: Immediately isolate or air-gap all Flowsint instances from internet access; disable or restrict network access to the 'org_to_asn' transformer functionality if possible; audit logs for exploitation attempts (shell metacharacter injection patterns in org node processing). Within 7 days: Contact Flowsint vendor for release date of patched version containing commit b52cbbb904c; implement network segmentation if Flowsint cannot be removed; deploy Web Application Firewall (WAF) rules to block requests with shell metacharacters to Flowsint endpoints if temporary internet exposure is unavoidable. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32311 vulnerability details – vuln.today

Back

Flowsint CVE-2026-32311

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Flowsint CVE-2026-32311

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code