CVE-2026-59148 - Mockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret theft
CVE ID :CVE-2026-59148 Published : July 9, 2026, 7:17 p.m. | 1 hour, 15 minutes ago Description :Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock...