Authentication Bypass Vulnerability in Webmin by Webmin
CVE-2026-56022

6.9MEDIUM

Key Information:

Vendor: Webmin
Status: Webmin
Vendor: CVE Published:; 18 June 2026

🔔 Create Webmin Vulnerability Alert

What is CVE-2026-56022?

Webmin has a vulnerability that allows attackers to bypass multi-factor authentication when they present a specific 'User-Agent: webmin' header. This flaw permits access without the use of session cookies, potentially exposing sensitive systems to unauthorized remediation. The issue has been addressed in version 2.641.

Affected Version(s)

Webmin 0 < 2.641

Webmin 2.641

References

https://webmin.com/security/#webmin-prior-to-2641

https://github.com/webmin/webmin/releases/tag/2.641

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
Jun 18, 2026

Credit

Adem El Adeb, vulone.com/vul1.com

CVE-2026-56022 Data

.