CVE-2026-7042
Status: Received - Intake
Authentication Bypass in 666ghj MiroFish REST API Endpoint

Publication date: 2026-04-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in 666ghj MiroFish up to version 0.1.2. It affects the function create_app in the file backend/app/__init__.py of the REST API Endpoint component. Manipulation of this endpoint leads to missing authentication. The attack can be launched remotely. An exploit has been published and may be in use. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-04-26
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-04-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: 666ghj
Product: mirofish
Version / Range: up to 0.1.2 (inclusive)
CWE
CWE-306: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a flaw in the create_app function of the backend/app/__init__.py file in the 666ghj MiroFish project up to version 0.1.2. It affects the REST API Endpoint component and allows an attacker to manipulate the endpoint so that authentication is not enforced.

The attack can be launched remotely, meaning an attacker does not need local access to exploit this vulnerability. An exploit has already been published and can be used by attackers.

The project was informed about this issue early through an issue report but has not yet responded.


How can this vulnerability impact me?

This vulnerability can lead to missing authentication, which means unauthorized users could gain access to the system or its resources without proper verification.

Since the attack can be performed remotely, it increases the risk of unauthorized access from anywhere on the internet.

Such unauthorized access could lead to data exposure, manipulation, or other malicious activities depending on what the REST API Endpoint controls.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in 666ghj MiroFish allows for missing authentication via the REST API Endpoint, which can be exploited remotely. This lack of proper authentication could lead to unauthorized access to sensitive data or systems.

Such unauthorized access risks violating common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.

Therefore, this vulnerability potentially impacts compliance by exposing systems to unauthorized access and data breaches, which are critical concerns under these regulations.

