VYPR

Magicmirror

by Magicmirror

npm: magicmirror

Source repositories

CVEs (1)

  • CVE-2026-42281HigMay 14, 2026
    risk 0.49cvss 8.6epss 0.02

    MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal…