Sentinel
Securing open-source digital forensics tools.
Digital forensics investigators rely on open-source tools every day. These tools process sensitive evidence, parse complex file formats, and help solve crimes. Yet many have never received a professional security review.
Through our Sentinel program, Mobasi performs security reviews for open-source forensics tools. Our team identifies vulnerabilities, documents findings, and works with maintainers through responsible disclosure to resolve issues before they can be exploited.
We are systematically reviewing tools in the digital forensic ecosystem to identify vulnerabilities and improve security. If you'd like your tool to be included or accelerated, please reach out below.
Our review process
- Deep code review for security vulnerabilities
- Dependency analysis and supply chain reviews
- Coordinated responsible disclosure with maintainers
- Pull requests with fixes where appropriate
- Public recognition for participating projects
Our track record
Since launching Sentinel, we've identified multiple critical and high-severity vulnerabilities across widely-used forensics tools. We work closely with maintainers to ensure issues are addressed before public disclosure.
Vulnerability index
| Tool | Type | CVE | Severity | Date |
|---|---|---|---|---|
| Arelle | Unauthenticated RCE via /rest/configure | CVE-2026-42796 | CRITICAL | 2026-05-04 |
| Detect-It-Easy | Path Traversal Arbitrary File Write | CVE-2026-43616 | HIGH | 2026-05-04 |
| Sleuth Kit | tsk_recover Path Traversal | CVE-2026-40024 | HIGH | 2026-03-05 |
| Sleuth Kit | APFS Keybag Parser OOB Read | CVE-2026-40025 | MEDIUM | 2026-03-05 |
| Sleuth Kit | ISO9660 SUSP ER Length Trust OOB Read | CVE-2026-40026 | MEDIUM | 2026-03-05 |
| ALEAPP | NQ Vault Path Traversal / RCE | CVE-2026-40027 | HIGH | 2026-03-05 |
| NSA Ghidra | Arbitrary Code Execution via @execute Annotation | CVE-2026-4946 | HIGH | 2026-02-20 |
| Hayabusa | XSS from HTML Inputs | CVE-2026-40028 | MEDIUM | 2026-02-20 |
| parseusbs | Command Injection via LNK Filename | CVE-2026-40029 | HIGH | 2026-02-20 |
| parseusbs | Command Injection via -v Volume Argument | CVE-2026-40030 | HIGH | 2026-02-20 |
| unfurl | Permanent Debug Mode | CVE-2026-40035 | CRITICAL | 2026-01-28 |
| bulk_extractor | Heap Overflow Attack | CVE-2026-24857 | HIGH | 2026-01-28 |
| unfurl | Decompression Bomb DoS | CVE-2026-40036 | HIGH | 2026-01-28 |
| tcpflow | Out of Bounds Write | CVE-2026-25061 | MEDIUM | 2026-02-20 |
| MemProcFS | DLL/Shared Library Hijacking | CVE-2026-40031 | HIGH | 2026-02-20 |
| UAC | Command Injection via Placeholder Substitution | CVE-2026-40032 | HIGH | 2026-04-05 |
Some vulnerabilities remain under embargo during responsible disclosure. This table is updated as disclosures are made public.
Submit a tool for review
Maintain an open-source forensics tool? We'd like to help ensure it's secure. Submit your tool for consideration in our review program.
Submit a tool for review