CVE-2026-56021

MEDIUM NVD

CVSS Score 5.3

Severity MEDIUM

Published Jun 18, 2026

Vendor unknown

Description

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

References

https://github.com/webmin/webmin/releases/tag/2.641
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json
https://webmin.com/security/#webmin-prior-to-2641
https://www.cve.org/CVERecord?id=CVE-2026-56021