CVE-2026-1196
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1196
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mineadmin mineadmin 1.0
mineadmin mineadmin 2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1196 is an information disclosure vulnerability in MineAdmin versions 1.x and 2.x, specifically in the /system/getFileInfoById endpoint. By manipulating the file ID parameter, an attacker can enumerate file IDs and read sensitive file information such as file hashes without authorization. Using these hashes, the attacker can preview or download files through other endpoints, leading to unauthorized disclosure of sensitive data. The vulnerability can be exploited remotely but requires a high level of complexity and privileges. [1, 2]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive files and data stored in the MineAdmin system. Attackers can remotely access and download confidential information without proper authorization, potentially compromising data confidentiality and security. Since there are no known mitigations or patches and the vendor has not responded, affected users remain at risk until they replace or secure the system. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring and testing the /system/getFileInfoById endpoint for unauthorized access attempts using manipulated ID parameters. Since the vulnerability involves enumeration of file IDs to read file information, you can use HTTP request tools like curl or specialized vulnerability scanners to send requests with varying ID values to see if sensitive file information is disclosed. For example, a command like `curl -v http://<target>/system/getFileInfoById?id=1` and incrementing the ID value can help detect if unauthorized file info is accessible. Additionally, monitoring network traffic for unusual requests to this endpoint or unexpected file hash retrievals can help detect exploitation attempts. [1, 2]

Mitigation Strategies

There are no known patches or vendor-provided mitigations for this vulnerability as the vendor did not respond to the disclosure. Immediate mitigation steps include restricting access to the affected endpoint /system/getFileInfoById by implementing network-level controls such as firewall rules or access control lists to limit who can reach this endpoint. Consider disabling or restricting the use of the affected API if possible. Monitoring for exploitation attempts and preparing to replace the affected MineAdmin product with an alternative solution are also recommended due to the lack of fixes. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1196. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart