{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7059", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-26T01:08:46.182Z", "datePublished": "2026-04-26T20:00:16.618Z", "dateUpdated": "2026-04-27T13:30:46.709Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-26T20:00:16.618Z"}, "title": "666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "666ghj", "product": "MiroFish", "versions": [{"version": "0.1.0", "status": "affected"}, {"version": "0.1.1", "status": "affected"}, {"version": "0.1.2", "status": "affected"}], "modules": ["Query Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-26T03:13:55.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "York Shen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/359632", "name": "VDB-359632 | 666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359632/cti", "name": "VDB-359632 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/798605", "name": "Submit #798605 | 666ghj MiroFish 0.1.2 Arbitrary SQLite Database Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/666ghj/MiroFish/issues/489", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/666ghj/MiroFish/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T13:12:58.425427Z", "id": "CVE-2026-7059", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:30:46.709Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7059", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T13:12:58.425427Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:12:59.400Z"}}], "cna": {"title": "666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "York Shen (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "666ghj", "modules": ["Query Parameter Handler"], "product": "MiroFish", "versions": [{"status": "affected", "version": "0.1.0"}, {"status": "affected", "version": "0.1.1"}, {"status": "affected", "version": "0.1.2"}]}], "timeline": [{"lang": "en", "time": "2026-04-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-26T03:13:55.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359632", "name": "VDB-359632 | 666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359632/cti", "name": "VDB-359632 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/798605", "name": "Submit #798605 | 666ghj MiroFish 0.1.2 Arbitrary SQLite Database Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/666ghj/MiroFish/issues/489", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/666ghj/MiroFish/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-26T20:00:16.618Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7059", "state": "PUBLISHED", "dateUpdated": "2026-04-27T13:30:46.709Z", "dateReserved": "2026-04-26T01:08:46.182Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-26T20:00:16.618Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used."}], "id": "CVE-2026-7059", "lastModified": "2026-04-27T18:50:06.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-26T22:17:33.423", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/666ghj/MiroFish/"}, {"source": "cna@vuldb.com", "url": "https://github.com/666ghj/MiroFish/issues/489"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/798605"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359632"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359632/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.1.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MiroFish", "source": "cna", "vendor": "666ghj"}, "product": "mirofish", "vendor": "666ghj"}], "analysis": {"en": {"generated_at": "2026-04-28T13:21:11.388729+00:00", "value": {"mitigation_remediation": ["Upgrade MiroFish to 0.1.3 or later when the patch is available.", "If an immediate update is not possible, sanitize the Platform query parameter to allow only whitelisted values or enforce strict directory boundaries before file access.", "Configure the web server or application environment to restrict the process\u2019s file system permissions so that even if a path traversal occurs, it cannot access sensitive areas outside the designated content directory."], "summary": {"action": "Apply Patch", "impact": "Remote Path Traversal"}, "threat_synthesis": {"affected_systems": "This issue affects the 666ghj MiroFish application, versions up to and including 0.1.2. There is no evidence that versions beyond 0.1.2 contain the fix. System administrators should confirm the deployed version against the vendor\u2019s release notes to determine if the vulnerability is present.", "description_and_impact": "The vulnerability originates from how the get_simulation_posts function handles the Platform query parameter in MiroFish\u2019s Query Parameter Handler. An attacker can supply a crafted Platform value containing directory traversal sequences, causing the application to resolve a path outside the intended base directory. This flaw permits unauthorized reading or modification of files whose location is beyond the protected data directory, thereby compromising the confidentiality and integrity of system files. The weakness is a classic example of CWE\u201122, in which path resolution is not properly validated.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity. The EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. The description states that the exploitation can be performed remotely by sending a crafted HTTP request to the /simulation endpoint with a malicious Platform parameter, which will trigger arbitrary file access without authentication."}}}}, "created": "2026-04-27T19:51:56.788523+00:00", "updated": "2026-04-28T13:30:32.088414+00:00", "vendors": ["666ghj", "666ghj$PRODUCT$mirofish"]}