magicmirror CVE Vulnerabilities & CVE List (1)

Products (CPE): — CVEs: 1

magicmirror vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to magicmirror, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 11 of 1 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-42281 MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (**VAR_NAME**), enabling exfiltration of server-side secrets. This vulnerability is fixed in 2.36.0. [email protected] 9.2 1.62% 2026-05-14 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence