CVE-2026-1195
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-04-29
Generated
2026-05-27
AI Q&A
2026-01-20
EPSS Evaluated
2026-05-25
NVD
CVE-2026-1195
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mineadmin mineadmin 1.0
mineadmin mineadmin 2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the MineAdmin Enterprise Backend Management System versions 1.x and 2.x, specifically in the JWT Token Handler's /system/refresh function. It allows an attacker to craft a malicious JWT token that appears to be signed by a super administrator without proper authorization. By submitting this token to the refresh endpoint, the attacker can bypass authentication controls and obtain a new valid token with administrator privileges. This is due to insufficient verification of data authenticity, enabling unauthorized privilege escalation and compromising the backend permission management system's security. [1, 2]


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized privilege escalation, allowing attackers to gain administrator-level access remotely. This compromises the confidentiality, integrity, and availability of the system, potentially enabling attackers to manipulate or control backend management functions. Although exploitation is considered difficult, a public proof-of-concept exploit exists, increasing the risk of attacks. There are currently no known mitigations or vendor responses, so affected users may need to consider replacing the vulnerable component or product. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can focus on monitoring traffic to the backend API port (default 9501) for suspicious requests to the /system/refresh endpoint, especially those involving JWT tokens that may be manipulated or forged. Since the vulnerability involves crafting a JWT token signed as a super administrator, inspecting JWT tokens for unusual claims or signatures could help. However, no specific detection commands or tools are provided in the available resources. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps are limited due to the lack of vendor response and no known recommended mitigations. Users are advised to consider replacing the affected component or product. Monitoring for exploit attempts and restricting access to the backend API port may help reduce risk temporarily. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart