Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionGitHub Advisory
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and relationships. The sketches contain information on an OSINT target (usernames, websites, etc) within these nodes and relationships. The nodes can have automated processes execute on them called 'transformers'. A remote attacker can create a sketch, then trigger the 'org_to_asn' transform on an organization node to execute arbitrary OS commands as root on the host machine via shell metacharacters and a docker container escape. Commit b52cbbb904c8013b74308d58af88bc7dbb1b055c appears to remove the code that causes this issue.
AnalysisAI
Remote code execution with container escape in Flowsint OSINT tool allows unauthenticated attackers to execute arbitrary OS commands as root on the host machine. The vulnerability exploits shell metacharacter injection in the 'org_to_asn' transformer when processing organization nodes in OSINT sketches. With CVSS 9.3 (CVSS 4.0), network attack vector, low complexity, and no authentication required, this represents critical risk to any internet-exposed Flowsint instance. Upstream fix committed (b52cbbb904c) removes vulnerable code, but no tagged release version confirmed yet. CVSS vector indicates proof-of-concept exploit exists (E:P).
Technical ContextAI
Flowsint is an open-source OSINT (Open Source Intelligence) graph exploration tool built with Docker containerization. The vulnerability is a classic OS command injection (CWE-78) in the 'org_to_asn' transformer component, which performs automated analysis on organization nodes within investigation sketches. The flaw stems from improper sanitization of user-controlled input passed to shell commands within the Docker container. When shell metacharacters (e.g., semicolons, pipes, backticks) are embedded in organization node data, they are executed by the underlying shell. The attack achieves container escape, elevating from in-container execution to root-level host OS command execution - effectively breaking Docker's isolation boundary. This represents a critical failure in input validation combined with unsafe process spawning and inadequate container security controls.
RemediationAI
Apply upstream fix by updating Flowsint to commit b52cbbb904c8013b74308d58af88bc7dbb1b055c or later (https://github.com/reconurge/flowsint/commit/b52cbbb904c8013b74308d58af88bc7dbb1b055c). The commit removes the vulnerable code path entirely. As no tagged release version is confirmed in available data, deploy directly from the fixed commit or later main branch until a versioned release is published. If immediate patching is not feasible, implement these compensating controls with noted trade-offs: (1) Disable the 'org_to_asn' transformer functionality if not operationally required - this prevents exploitation but removes legitimate OSINT analysis capability for AS number lookups. (2) Restrict network access to Flowsint to trusted internal networks only via firewall rules - eliminates remote attack vector but may hinder legitimate remote investigation workflows. (3) Implement strict input validation and allowlisting at the application perimeter for all sketch/node data - reduces attack surface but requires custom code changes and may break existing investigations with legitimate special characters. (4) Run Flowsint with enhanced container security policies (AppArmor, seccomp, read-only root filesystem) to prevent container escape - mitigates host compromise but does not prevent in-container RCE and may cause operational issues. All workarounds are inferior to patching; plan emergency maintenance window.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23946