666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7042

Source VulDB

Published Apr 26, 2026 at 13:00

Affected Product

Vendor 666ghj

Product MiroFish

Version 0.1.0

Affected Versions 666ghj MiroFish 0.1.0
666ghj MiroFish 0.1.1
666ghj MiroFish 0.1.2

CWE Classification

CWE-306 CWE-287

References

{
    "lastseen": "",
    "description": "A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-26T13:00:17.265Z",
    "modified": "2026-04-26T13:00:17.265Z",
    "type": "cve",
    "title": "666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359621\nhttps://vuldb.com/vuln/359621/cti\nhttps://vuldb.com/submit/798583\nhttps://github.com/666ghj/MiroFish/issues/487\nhttps://github.com/666ghj/MiroFish/",
    "id": "CVE-2026-7042",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "666ghj MiroFish 0.1.0\n666ghj MiroFish 0.1.1\n666ghj MiroFish 0.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MiroFish",
    "version": "0.1.0",
    "vendor": "666ghj",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

666ghj MiroFish REST API Endpoint init.py create_app missing authentication_CVE-2026-7042