CVE Catalog

CVE-2026-56021

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

Risk Assessment

Attackers may gain access to sensitive configuration information, potentially leading to further attacks on the system.

Recommendation

It is recommended to update Webmin to the latest version and implement additional security measures to restrict access to module directories.

Original NVD description (English source)

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS