CVE-2026-7059

Name of the Vulnerable Software and Affected Versions MiroFish versions prior to 0.1.2

Description A path traversal issue exists in the Query Parameter Handler component within the get simulation posts() function of the backend/app/api/simulation.py file. A remote attacker can trigger this by manipulating the Platform argument. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder.

Recommendations Update to a version later than 0.1.2. As a temporary workaround, restrict or validate the input of the Platform argument used in the get simulation posts() function.