CVE report

CVE-2026-42281critical

MagicMirror <= 2.35.0 - Server-Side Request Forgery

Events 7d

1

Distinct IPs

1

Severity

critical

CISA KEV

Not listed

Downloads & integrations

Top sources probing for CVE-2026-42281

URL patterns we match

An event counts toward CVE-2026-42281 if its URL path contains any of these substrings (case-insensitive).

  • · /cors