CVE-2026-7042: MiroFish REST API Lacks Authentication, High Severity
The National Vulnerability Database has published details on CVE-2026-7042, a high-severity flaw (CVSS 7.3) in 666ghj MiroFish up to version 0.1.2. This vulnerability, found within the create_app function of the backend/app/__init__.py file’s REST API Endpoint, allows for remote execution without proper authentication.
This is a critical oversight. The absence of authentication on a remote API endpoint effectively turns it into an open door. Attackers can leverage this to gain unauthorized access, potentially leading to data compromise, system manipulation, or further lateral movement within an affected network. The fact that an exploit has already been published escalates the immediate threat.
SCW notes that the project was reportedly informed of the issue, yet no response or patch has been released. This lack of vendor engagement leaves users exposed. Defenders must prioritize identifying any instances of MiroFish within their environments and isolating or removing them until a fix is available.
What This Means For You
- If your organization uses 666ghj MiroFish, particularly versions up to 0.1.2, you are directly exposed to unauthenticated remote access. Immediately identify and isolate or decommission these instances. Audit logs for any suspicious activity indicating unauthorized API calls, as an exploit is publicly available.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7042: MiroFish REST API Unauthenticated create_app Access
title: CVE-2026-7042: MiroFish REST API Unauthenticated create_app Access
id: scw-2026-04-26-ai-1
status: experimental
level: high
description: |
Detects unauthenticated POST requests to the MiroFish REST API endpoint '/api/v1/apps' with the 'create_app' parameter, indicative of the vulnerability described in CVE-2026-7042. This allows remote attackers to bypass authentication and potentially create applications.
author: SCW Feed Engine (AI-generated)
date: 2026-04-26
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7042/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-method:
- 'POST'
cs-uri|contains:
- '/api/v1/apps'
cs-uri-query|contains:
- 'create_app'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7042 | Auth Bypass | 666ghj MiroFish up to 0.1.2 |
| CVE-2026-7042 | Auth Bypass | Vulnerable function: create_app in backend/app/__init__.py |
| CVE-2026-7042 | Auth Bypass | Vulnerable component: REST API Endpoint |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 27, 2026 at 01:17 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
itsourcecode Construction Management System SQLi: CVE-2026-7073
CVE-2026-7073 — A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of...
CVE-2026-7072: CodePanda Source Canteen Management System SQLi
CVE-2026-7072 — A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation...
CVE-2026-7071 — CodeAstro Online Job Portal Vulnerability
CVE-2026-7071 — A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file...