PT-2026-35224 · Mirofish · Mirofish

Yu_Bao

Published

2026-04-26

Updated

2026-04-26

CVE-2026-7042

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MiroFish versions prior to 0.1.3

Description A flaw in the REST API Endpoint component allows remote attackers to bypass authentication. This issue occurs within the create app() function located in the backend/app/ init .py file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the REST API Endpoint to minimize the risk of exploitation.

Exploit

Improper Authentication

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-306

Related Identifiers

CVE-2026-7042

Affected Products

Mirofish

PT-2026-35224 · Mirofish · Mirofish

CVE-2026-7042

Weakness Enumeration

Related Identifiers

Affected Products

References · 7