
Webmin CVE-2026-56021

EUVD: EUVD-2026-37908 · MEDIUM
Incorrect Regular Expression (CWE-185)
2026-06-18 cisa-cg GHSA-xpvh-gv3p-w5qx
6.9
CVSS 4.0 · Vendor: cisa-cg

Severity by source

Vendor (cisa-cg), primary rating: 6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 5.3 MEDIUM

Network-reachable, no auth, no interaction; read-only .conf file disclosure yields partial confidentiality loss only, with no integrity or availability impact.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (cisa-cg).

CVSS Vector (Vendor: cisa-cg)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

  • CVSS changed (Jun 18, 2026 - 19:38, NVD): 5.3 (MEDIUM) → 6.9 (MEDIUM)
  • Source Code Evidence Fetched (Jun 18, 2026 - 17:10, vuln.today)
  • Analysis Generated (Jun 18, 2026 - 17:10, vuln.today)

Description (CVE.org)

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

Analysis (AI)

Unauthenticated remote file disclosure in Webmin (all versions prior to 2.641) exposes the contents of any .conf file residing within module directories. The root cause is a flawed regular expression (CWE-185) that was intended to restrict accessible file paths but can be bypassed with a crafted request, allowing unauthenticated network attackers to read configuration files that may contain credentials, API keys, or other sensitive deployment data. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Identify exposed Webmin interface
  • Delivery: Craft HTTP request bypassing regex filter
  • Exploit: Read target .conf file contents
  • Execution: Extract embedded credentials or secrets
  • Impact: Use credentials for lateral movement

Vulnerability Assessment (AI)

Exploitation: No authentication is required - the vulnerable file-read code path is reachable before any credential check, as confirmed by PR:N and UI:N in the CVSS vector. …

Risk Assessment: The CVSS 3.1 base score of 5.3 (Medium) reflects a limited-scope confidentiality impact (C:L) with no integrity or availability consequence, which is consistent with a read-only file disclosure primitive. …

Exploit Scenario: An unauthenticated attacker sends a crafted HTTP GET request to a publicly accessible Webmin instance, constructing a file path that satisfies the flawed regex while pointing to a sensitive .conf file - for example, a module configuration containing a database password. The server responds with the raw file contents. …

Remediation: The primary remediation is upgrading to Webmin 2.641 or later, which contains the corrected regular expression. …


CVE-2026-56021 vulnerability details – vuln.today
