Ipc

CVE-2026-21711 allows code running under the Node.js permission model without network access to create and expose local IPC endpoints via Unix Domain Sockets, bypassing intended network restrictions and enabling inter-process communication.

A command injection vulnerability exists in 666ghj MiroFish version 0.1.2 via the SimulationIPCClient.send_command function, allowing remote attackers to execute arbitrary commands.