CVE-2026-7042
Authentication Bypass in 666ghj MiroFish REST API Endpoint

Publication date: 2026-04-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in 666ghj MiroFish up to 0.1.2. It affects the function create_app in the file backend/app/__init__.py of the REST API Endpoint component. Manipulation can lead to missing authentication. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-04-26
Last Modified: 2026-04-29
Generated: 2026-06-16
AI Q&A: 2026-04-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: 666ghj
Product: mirofish
Version / Range: to 0.1.2 (inc)
CWE
CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

This vulnerability is a flaw in the create_app function of the backend/app/__init__.py file in the 666ghj MiroFish project up to version 0.1.2. It affects the REST API Endpoint component and allows an attacker to manipulate the system to bypass authentication.

The attack can be launched remotely, meaning an attacker does not need local access to exploit this vulnerability. The exploit has already been published and can be used by attackers.

The project was informed about this issue early through an issue report but has not yet responded.

Impact Analysis

This vulnerability can lead to missing authentication, which means unauthorized users could gain access to the system or its resources without proper verification.

Since the attack can be performed remotely, it increases the risk of unauthorized access from anywhere on the internet.

Such unauthorized access could lead to data exposure, manipulation, or other malicious activities depending on what the REST API Endpoint controls.

Compliance Impact

The vulnerability in 666ghj MiroFish results in missing authentication on the REST API Endpoint and can be exploited remotely. This lack of proper authentication could lead to unauthorized access to sensitive data or systems.

Such unauthorized access risks violating common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.

Therefore, this vulnerability potentially impacts compliance by exposing systems to unauthorized access and data breaches, which are critical concerns under these regulations.
