CVE Catalog
CVE-2026-56021
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.
Risk Assessment
Attackers may gain access to sensitive configuration information, potentially leading to further attacks on the system.
Recommendation
It is recommended to update Webmin to the latest version and implement additional security measures to restrict access to module directories.
Original NVD description (English source)
Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

