
MiroFish CVE-2026-7059

EUVD-2026-25729 | MEDIUM
Path Traversal (CWE-22)
2026-04-26 VulDB
CVSS 4.0: 5.5

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Apr 27, 2026 - 18:50 (vuln.today): PoC Detected. Public exploit code
Apr 26, 2026 - 22:22 (NVD): CVSS changed. 5.3 (MEDIUM) 5.5 (MEDIUM)
Apr 26, 2026 - 20:30 (vuln.today): Analysis Generated
Apr 26, 2026 - 20:15 (euvd): EUVD ID Assigned. EUVD-2026-25729
Apr 26, 2026 - 20:15 (vuln.today): Analysis Generated
Apr 26, 2026 - 20:00 (nvd): CVE Published. MEDIUM 5.5

Description (NVD)

A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used.

Analysis (AI)

Path traversal in MiroFish up to version 0.1.2 allows remote unauthenticated attackers to read arbitrary files via manipulation of the Platform query parameter in the get_simulation_posts function. The vulnerability affects the backend simulation API endpoint and has publicly available exploit code, though exploitation is limited to information disclosure rather than modification or availability impact.
