PatchSiren cyber security CVE debrief
CVE-2026-59148 mockoon CVE debrief
The CVE record for CVE-2026-59148 was published on 2026-07-09T19:17:07.067Z and has not been modified since then. The NVD entry is currently Deferred. This vulnerability affects Mockoon versions prior to 9.7.0, allowing unauthenticated callers to read environment variables, write arbitrary process environment variables, rewrite mock route bodies, statuses, and headers, read transaction logs and SSE streams, and purge state due to a lack of authentication and insecure CORS configuration. The vulnerability has a high CVSS score of 8.8, indicating a high severity.
- Vendor
- mockoon
- Product
- Unknown
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Mockoon versions prior to 9.7.0 should update to the latest version to prevent unauthorized access to their mock server. This includes operators, platform administrators, vulnerability management teams, and security teams who may be impacted by the vulnerability.
Technical summary
Mockoon's admin API, mounted on the same Express listener as user-defined mock routes, allows unauthenticated callers to read environment variables, write arbitrary process environment variables, rewrite mock route bodies, statuses, and headers, read transaction logs and SSE streams, and purge state due to a lack of authentication and insecure CORS configuration. This issue is fixed in version 9.7.0. Affected product deployments may exist in managed environments.
Defensive priority
High priority due to the high CVSS score of 8.8 and the potential for unauthorized access and data manipulation.
Recommended defensive actions
- Update Mockoon to version 9.7.0 or later
- Restrict access to the mock server port
- Implement authentication for the admin API
- Monitor for suspicious activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record and NVD entry provide details on the vulnerability, but further investigation is needed to determine the full scope of affected systems and potential mitigations. Affected product deployments may exist in managed environments. Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:17:07.067Z and has not been modified since then. The NVD entry is currently Deferred.