CVE-2026-7058 | 666ghj MiroFish up to 0.1.2 Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection (Issue 488)

A vulnerability described as critical has been identified in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component Inter-Process Communication. Such manipulation leads to command injection.

This vulnerability is referenced as CVE-2026-7058. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7058 | 666ghj MiroFish up to 0.1.2 Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection (Issue 488)

Post correlati

CVE-2024-47773 | Discourse up to 3.3.1/3.4.0.beta1 DISCOURSE_DISABLE_ANON_CACHE external reference (GHSA-58vv-9j8h-hw2v)

CVE-2024-33056 | Qualcomm Snapdragon Auto up to MDM SMEM Partition buffer over-read

CVE-2023-26690 | CS-Cart MultiVendor 4.16.1 File Manager unrestricted upload

CVE-2023-45918 | GNU ncurses 6.4-20230610 tgetstr null pointer dereference