File Disclosure Vulnerability in Webmin by Vendor Min
CVE-2026-56021

6.9MEDIUM

Key Information:

Vendor

Webmin

Status
Webmin
Vendor
CVE Published:
18 June 2026

What is CVE-2026-56021?

A vulnerability in Webmin allows unauthorized individuals to access and read the contents of any configuration file ending in .conf located within module directories. This issue arises due to a bypassable regex pattern, enabling attackers to leverage the weakness to obtain sensitive information without authentication. Users are advised to update to the latest version to mitigate potential risks.

Affected Version(s)

Webmin *

References

https://webmin.com/security/#webmin-prior-to-2641
release-notes
https://github.com/webmin/webmin/releases/tag/2.641
release-notes
https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Adem El Adeb, vulone.com/vul1.com
.