CVE-2026-7058: CVE-2026-7058
Descripción de la vulnerabilidad en 666ghj MiroFish.
Descripción de la Vulnerabilidad
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py.
CVE Details
| CVSS Score: | 7.3 (High) |
|---|---|
| Impact: | Command Injection / Remote Code Execution |
| Exploit Status: | Disclosed to the public and may be used. |
Sistemas Afectados
| Software Name: | 666ghj MiroFish 0.1.2 (up to) |
|---|---|
| Component: | backend/app/services/simulation_ipc.py |
| Vulnerable Element: | SimulationIPCClient.send_command() |
| Project Status: | Informed of the problem early, no response yet. |
Impacto y Explotabilidad
The vulnerability allows attackers to execute arbitrary commands via the simulation IPC client. This manipulation leads to command injection and remote code execution (RCE).
"The exploit has been disclosed to the public and may be used."
Mitigación y Parches
| Version: | =0.1.3+ |
|---|---|
| Action Required: | Upgrade to the latest version. |
It is recommended to update your MiroFish instance immediately after upgrading, and monitor for any new vulnerabilities in related software.
CVE Reference
CVE-2026-7058 (CVE-ID)Published: 2026-04-26