CVE-2026-7042 | 666ghj MiroFish up to 0.1.2 REST API Endpoint backend/app/init.py create_app missing authentication (Issue 487)

Inserito da Angelo Barbosa | Apr 25, 2026 | CVE

A vulnerability, which was classified as critical, was found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication.

This vulnerability is registered as CVE-2026-7042. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7042 | 666ghj MiroFish up to 0.1.2 REST API Endpoint backend/app/__init__.py create_app missing authentication (Issue 487)

Post correlati

CVE-2025-40887 | Nozomi Guardian/CMC up to 25.1.x Alert sql injection

CVE-2025-10050 | Developer Loggers for Simple History Plugin up to 0.5 on WordPress enabled_loggers file inclusion

CVE-2023-32259 | OpenText Service Management Automation/Asset Management X insufficient granularity of access control

CVE-2024-9653 | Restaurant Menu Plugin up to 2.4.2 on WordPress cross site scripting

CVE-2026-7042 | 666ghj MiroFish up to 0.1.2 REST API Endpoint backend/app/init.py create_app missing authentication (Issue 487)