CVE-2026-42281P2HIGHCVSS 8.6PoCfixed in 2.36.02026-05-14
CVE-2026-42281 [HIGH] CWE-918 CVE-2026-42281: MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Se
MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also
nvd