A vulnerability categorized as critical has been discovered in MagicMirrorOrg MagicMirror up to 2.35.x. Affected by this vulnerability is an unknown functionality of the file /cors of the component Endpoint. The manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-42281. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.