CVE-2026-32311: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in reconurge flowsint
CVE-2026-32311 is a critical OS command injection vulnerability in the open-source OSINT tool Flowsint by reconurge. The flaw allows a remote attacker to create a sketch and trigger the 'org_to_asn' transformer on an organization node, leading to arbitrary OS command execution as root via shell metacharacters and a Docker container escape. This vulnerability affects versions of Flowsint prior to commit b52cbbb904c8013b74308d58af88bc7dbb1b055c. The problematic code appears to have been removed in that commit. No official patch or advisory is explicitly provided, and no known exploits are reported in the wild. The CVSS 4. 0 score is 9. 3, indicating critical severity.
AI Analysis
Technical Summary
Flowsint, an OSINT graph exploration tool, contains an OS command injection vulnerability (CWE-78) in the 'org_to_asn' transformer functionality. A remote attacker can create a sketch and invoke this transformer on an organization node, which improperly neutralizes special shell metacharacters, allowing arbitrary command execution as root on the host system. This is compounded by a Docker container escape technique. The vulnerability exists in versions before commit b52cbbb904c8013b74308d58af88bc7dbb1b055c, which appears to remove the vulnerable code. No vendor advisory or official patch is documented, but the commit suggests remediation.
Potential Impact
Successful exploitation results in remote, unauthenticated attackers executing arbitrary OS commands with root privileges on the host running Flowsint. This can lead to full system compromise, data exposure, and control over the host environment. The vulnerability also involves a Docker container escape, increasing the severity by breaking container isolation.
Mitigation Recommendations
The vulnerability is addressed by commit b52cbbb904c8013b74308d58af88bc7dbb1b055c, which removes the vulnerable code. Users should upgrade to versions including or after this commit to remediate the issue. Since no official vendor advisory or patch link is provided, users must verify that their Flowsint installation incorporates this fix. Patch status is not yet confirmed via vendor advisory; check the project's repository for the referenced commit and apply updates accordingly.
CVE-2026-32311: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in reconurge flowsint
Description
CVE-2026-32311 is a critical OS command injection vulnerability in the open-source OSINT tool Flowsint by reconurge. The flaw allows a remote attacker to create a sketch and trigger the 'org_to_asn' transformer on an organization node, leading to arbitrary OS command execution as root via shell metacharacters and a Docker container escape. This vulnerability affects versions of Flowsint prior to commit b52cbbb904c8013b74308d58af88bc7dbb1b055c. The problematic code appears to have been removed in that commit. No official patch or advisory is explicitly provided, and no known exploits are reported in the wild. The CVSS 4. 0 score is 9. 3, indicating critical severity.
CVSS v4.0
Score 9.3critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Flowsint, an OSINT graph exploration tool, contains an OS command injection vulnerability (CWE-78) in the 'org_to_asn' transformer functionality. A remote attacker can create a sketch and invoke this transformer on an organization node, which improperly neutralizes special shell metacharacters, allowing arbitrary command execution as root on the host system. This is compounded by a Docker container escape technique. The vulnerability exists in versions before commit b52cbbb904c8013b74308d58af88bc7dbb1b055c, which appears to remove the vulnerable code. No vendor advisory or official patch is documented, but the commit suggests remediation.
Potential Impact
Successful exploitation results in remote, unauthenticated attackers executing arbitrary OS commands with root privileges on the host running Flowsint. This can lead to full system compromise, data exposure, and control over the host environment. The vulnerability also involves a Docker container escape, increasing the severity by breaking container isolation.
Mitigation Recommendations
The vulnerability is addressed by commit b52cbbb904c8013b74308d58af88bc7dbb1b055c, which removes the vulnerable code. Users should upgrade to versions including or after this commit to remediate the issue. Since no official vendor advisory or patch link is provided, users must verify that their Flowsint installation incorporates this fix. Patch status is not yet confirmed via vendor advisory; check the project's repository for the referenced commit and apply updates accordingly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-11T21:16:21.660Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e6860319fe3cd2cd2e53c1
Added to database: 4/20/2026, 8:01:07 PM
Last enriched: 4/28/2026, 6:05:38 AM
Last updated: 6/4/2026, 6:47:10 PM
Views: 128
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.