CVE-2026-49103

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 27, 2026

Vendor unknown

Description

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.

References

https://github.com/webmin/webmin/commit/cf432879a14568c4bb44cd2f9e5a9bd0e168edc1
https://github.com/webmin/webmin/compare/2.630...2.640