CVE-2026-32311: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in reconurge flowsint
CVE-2026-32311 is a critical OS command injection vulnerability in the open-source OSINT tool Flowsint by reconurge. The flaw allows a remote attacker to create a sketch and trigger the 'org_to_asn' transform on an organization node, leading to arbitrary OS command execution as root on the host via shell metacharacters and a Docker container escape. This vulnerability affects versions of Flowsint prior to commit b52cbbb904c8013b74308d58af88bc7dbb1b055c, which appears to remove the vulnerable code. The CVSS 4. 0 score is 9. 3, indicating a critical severity with network attack vector and no required privileges or user interaction. No official patch or vendor advisory is explicitly provided, but the commit referenced suggests remediation by code removal.
AI Analysis
Technical Summary
Flowsint is an OSINT graph exploration tool that allows automated processes called 'transformers' to run on nodes within sketches. The 'org_to_asn' transformer in affected versions improperly neutralizes special shell metacharacters, enabling remote attackers to execute arbitrary OS commands as root through a Docker container escape. The vulnerability is identified as CWE-78 (OS Command Injection). The issue is resolved by removing the vulnerable code in commit b52cbbb904c8013b74308d58af88bc7dbb1b055c. No official vendor advisory or patch link is provided, and the product is not a cloud service.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary OS commands with root privileges on the host running Flowsint. This can lead to full system compromise, data exposure, and control over the host environment. The vulnerability does not require authentication or user interaction and can be triggered remotely via crafted sketches. There are no known exploits in the wild at this time.
Mitigation Recommendations
The vulnerability is addressed by commit b52cbbb904c8013b74308d58af88bc7dbb1b055c, which removes the vulnerable code. Users should upgrade to a version that includes this commit or later. Since no official vendor advisory or patch link is provided, verify the presence of this commit in your Flowsint installation. Patch status is not yet confirmed by an official advisory — check the vendor or project repository for current remediation guidance.
CVE-2026-32311: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in reconurge flowsint
Description
CVE-2026-32311 is a critical OS command injection vulnerability in the open-source OSINT tool Flowsint by reconurge. The flaw allows a remote attacker to create a sketch and trigger the 'org_to_asn' transform on an organization node, leading to arbitrary OS command execution as root on the host via shell metacharacters and a Docker container escape. This vulnerability affects versions of Flowsint prior to commit b52cbbb904c8013b74308d58af88bc7dbb1b055c, which appears to remove the vulnerable code. The CVSS 4. 0 score is 9. 3, indicating a critical severity with network attack vector and no required privileges or user interaction. No official patch or vendor advisory is explicitly provided, but the commit referenced suggests remediation by code removal.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Flowsint is an OSINT graph exploration tool that allows automated processes called 'transformers' to run on nodes within sketches. The 'org_to_asn' transformer in affected versions improperly neutralizes special shell metacharacters, enabling remote attackers to execute arbitrary OS commands as root through a Docker container escape. The vulnerability is identified as CWE-78 (OS Command Injection). The issue is resolved by removing the vulnerable code in commit b52cbbb904c8013b74308d58af88bc7dbb1b055c. No official vendor advisory or patch link is provided, and the product is not a cloud service.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary OS commands with root privileges on the host running Flowsint. This can lead to full system compromise, data exposure, and control over the host environment. The vulnerability does not require authentication or user interaction and can be triggered remotely via crafted sketches. There are no known exploits in the wild at this time.
Mitigation Recommendations
The vulnerability is addressed by commit b52cbbb904c8013b74308d58af88bc7dbb1b055c, which removes the vulnerable code. Users should upgrade to a version that includes this commit or later. Since no official vendor advisory or patch link is provided, verify the presence of this commit in your Flowsint installation. Patch status is not yet confirmed by an official advisory — check the vendor or project repository for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-11T21:16:21.660Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e6860319fe3cd2cd2e53c1
Added to database: 4/20/2026, 8:01:07 PM
Last enriched: 4/20/2026, 8:16:10 PM
Last updated: 4/20/2026, 9:04:02 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.