CVE-2026-7059

MEDIUM 5.3

666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used.

CWE	CWE-22
Vendor	666ghj
Product	mirofish
Published	Apr 26, 2026

Stay Ahead of the Next One

Get instant alerts for 666ghj mirofish

Be the first to know when new medium vulnerabilities affecting 666ghj mirofish are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

666ghj / MiroFish

0.1.0 0.1.1 0.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/359632 vuldb.com: https://vuldb.com/vuln/359632/cti vuldb.com: https://vuldb.com/submit/798605 github.com: https://github.com/666ghj/MiroFish/issues/489 github.com: https://github.com/666ghj/MiroFish/

Credits

🔍 York Shen (VulDB User)