CVE-2026-7042

Source
https://cve.org/CVERecord?id=CVE-2026-7042
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7042.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7042
Published
2026-04-26T13:00:17.265Z
Modified
2026-07-08T08:09:48.804992194Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
Details

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7042.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-287",
        "CWE-306"
    ]
}
References

Affected packages

Git / github.com/666ghj/mirofish

Affected ranges

Type
GIT
Repo
https://github.com/666ghj/mirofish
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.1.0"
        },
        {
            "last_affected": "0.1.0"
        },
        {
            "introduced": "0.1.1"
        },
        {
            "last_affected": "0.1.1"
        },
        {
            "introduced": "0.1.2"
        },
        {
            "last_affected": "0.1.2"
        }
    ]
}

Affected versions

0.*
0.1.0
0.1.1
0.1.2
v0.*
v0.1.0
v0.1.1
v0.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7042.json"