VYPR

npm package

magicmirror

pkg:npm/magicmirror

Vulnerabilities (1)

  • CVE-2026-42281HigMay 14, 2026
    affected < 2.36.0fixed 2.36.0

    MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal netw