CVE-2026-56021

Summary

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

Affected Software

VendorProductVersion RangeStatus
WebminWebmin*affected

Weaknesses

  • CWE-185: CWE-185 Incorrect Regular Expression
  • CWE-777: CWE-777 Regular Expression without Anchors

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References