CVE-2026-42281 | MagicMirrorOrg MagicMirror up to 2.35.x Endpoint /cors server-side request forgery (GHSA-ph6f-2cvq-79hq)

A vulnerability categorized as critical has been discovered in MagicMirrorOrg MagicMirror up to 2.35.x. Affected by this vulnerability is an unknown functionality of the file /cors of the component Endpoint. The manipulation results in server-side request forgery.

This vulnerability is cataloged as CVE-2026-42281. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More