User Impersonation Vulnerability in Webmin HTTP Server
CVE-2026-56020
9.2CRITICAL
What is CVE-2026-56020?
The Webmin HTTP server (miniserv.pl) is susceptible to a user impersonation vulnerability that enables unauthenticated attackers to spoof Certificate Distinguished Names (DNs). By forging an HTTP header, a remote attacker can impersonate any configured user with an SSL client certificate, potentially gaining unauthorized access to user accounts within the system. This flaw highlights the necessity for immediate updates and proper security measures to protect against such impersonation attacks.
Affected Version(s)
Webmin 0 < 2.641
Webmin 2.641