CVE-2026-56021

June 18, 2026, 5:16 p.m.

6.9
Medium

Description

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

Product(s) Impacted

Vendor Product Versions
Webmin
  • Webmin
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-185
Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a webmin webmin / / / / / / / /

References

https://github.com/webmin/webmin/releases/tag/2.641
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json
https://webmin.com/security/#webmin-prior-to-2641
https://www.cve.org/CVERecord?id=CVE-2026-56021

Tags

9119a7d8-5eab-497f-8521-727c672e3725
CWE-185
2026-06-18
CVE-2026-56021

CVSS Score

6.9 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: June 18, 2026, 5:16 p.m.
Last Modified: June 18, 2026, 5:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

9119a7d8-5eab-497f-8521-727c672e3725

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.