{"cve_id":"CVE-2026-42281","title":"MagicMirror <= 2.35.0 - Server-Side Request Forgery","severity":"critical","actively_exploited":false,"patterns":["/cors"],"events":1,"unique_ips":1,"actors":[{"ip":"185.177.72.205","events":1,"country_code":"FR","country":"France","org":"Bucklog SARL","rdns":"","scanner_tag":null}],"top_asns":[{"asn":211590,"org":"Bucklog SARL","events":1,"ips":1}],"fingerprints":{"ja4h":["ge11nn14en_068ebe3632ec"],"ja4":[]},"sample_paths":["/config/cors%2ejs"],"timeline":[{"day":"2026-07-04","events":1,"ips":1}],"window_hours":168}