CVE-2026-42281
HIGH NUCLEIMagicMirror²: Unauthenticated SSRF via /cors endpoint
Title source: cnaExploitation Summary
EIP tracks 2 public exploits for CVE-2026-42281. PoCs published by adminlove520, Astaruf. A Nuclei detection template is also available.
AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2026-42281, an unauthenticated SSRF vulnerability in MagicMirror² ≤ 2.35.0. The exploit leverages the `/cors` endpoint to perform internal network scanning, cloud metadata exfiltration, and configuration extraction.
Description
MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (**VAR_NAME**), enabling exfiltration of server-side secrets. This vulnerability is fixed in 2.36.0.
Exploits (2)
This repository contains a functional exploit PoC for CVE-2026-42281, an unauthenticated SSRF vulnerability in MagicMirror² ≤ 2.35.0. The exploit leverages the `/cors` endpoint to perform internal network scanning, cloud metadata exfiltration, and configuration extraction.
This repository contains a functional Python-based PoC for CVE-2026-42281, an unauthenticated SSRF vulnerability in MagicMirror² ≤ 2.35.0. The exploit leverages the `/cors` endpoint to perform internal network scans, cloud metadata exfiltration, and config extraction.
Nuclei Templates (1)
http.title:"MagicMirror"
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N