Which versions of MiroFish are affected by EUVD-2026-25728?

MiroFish versions up to 0.1.2 contain an unauthenticated remote command injection vulnerability in the inter-process communication module that allows attackers to execute arbitrary system commands…

Is there a public PoC exploit available for EUVD-2026-25728?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25728. Prioritise patching immediately. EPSS: 1.0%.

MiroFish EUVD-2026-25728

Q: What is the CVSS score of EUVD-2026-25728?

EUVD-2026-25728 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 1.0%.

| CVE-2026-7058 MEDIUM

Command Injection (CWE-77)

2026-04-26 VulDB

Command Injection

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Severity Changed

Apr 26, 2026 - 22:22 NVD

HIGH MEDIUM

CVSS changed

Apr 26, 2026 - 22:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

Analysis Generated

Apr 26, 2026 - 20:15 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 20:00 euvd

EUVD-2026-25728

Analysis Generated

Apr 26, 2026 - 20:00 vuln.today

CVE Published

Apr 26, 2026 - 19:45 nvd

MEDIUM 5.5

DescriptionNVD

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Remote command injection in MiroFish versions up to 0.1.2 allows unauthenticated attackers to execute arbitrary system commands through the SimulationIPCClient.send_command function in the inter-process communication module. The vulnerability is actively exploitable via network access with low complexity, requiring no user interaction or authentication. …

RemediationAI

Within 24 hours: Inventory all systems running MiroFish and isolate affected instances from production networks if operationally feasible. Within 7 days: Implement network segmentation to restrict access to MiroFish instances to authorized internal networks only; deploy intrusion detection signatures for CVE-2026-7058 exploitation attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-25728 vulnerability details – vuln.today

Back

MiroFish EUVD-2026-25728

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

MiroFish EUVD-2026-25728

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code