CVE-2026-42281 | MagicMirrorOrg MagicMirror up to 2.35.x Endpoint /cors server-side request forgery (GHSA-ph6f-2cvq-79hq)

Inserito da Angelo Barbosa | Mag 14, 2026 | CVE

A vulnerability categorized as critical has been discovered in MagicMirrorOrg MagicMirror up to 2.35.x. Affected by this vulnerability is an unknown functionality of the file /cors of the component Endpoint. The manipulation results in server-side request forgery.

This vulnerability is cataloged as CVE-2026-42281. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-42281 | MagicMirrorOrg MagicMirror up to 2.35.x Endpoint /cors server-side request forgery (GHSA-ph6f-2cvq-79hq)

Post correlati

CVE-2024-8335 | OpenRapid RapidCMS up to 1.3.1 /resource/runlogon.php username sql injection

CVE-2024-42493 | Dorsett Controls InfoScan 1.32/1.33/1.35 Response Header information disclosure (icsa-24-221-01)

CVE-2025-5160 | H3C SecCenter SMP-E1114P02 up to 20250513 download Name path traversal

CVE-2024-8077 | TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 setTracerouteCfg os command injection