CVE-2026-7059 | 666ghj MiroFish up to 0.1.2 Query Parameter simulation.py get_simulation_posts Platform path traversal (Issue 489)

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability classified as critical has been found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal.

This vulnerability is identified as CVE-2026-7059. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-7059 | 666ghj MiroFish up to 0.1.2 Query Parameter simulation.py get_simulation_posts Platform path traversal (Issue 489)

Post correlati

CVE-2023-50341 | HCL DRYiCE MyXalytics 5.9/6.0/6.1 information disclosure (KB0109608)

CVE-2023-52919 | Linux Kernel up to 6.5.8 nfc send_acknowledge null pointer dereference

CVE-2023-49355 | jq 1.2e-111 decNumber/decNumber.c decToString out-of-bounds write

CVE-2025-14017 | cURL up to 8.17.0 Threaded LDAPS certificate validation