CVE-2026-1197
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mineadmin | mineadmin | 1.0 |
| mineadmin | mineadmin | 2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1197 is an arbitrary file download vulnerability in MineAdmin versions 1.x and 2.x. It exists in the endpoint `/system/downloadById?id=`, where the `id` parameter is an auto-incrementing file identifier. Because these IDs are predictable, an attacker can sequentially enumerate them to download all site attachments without authorization, leading to unauthorized access to potentially sensitive files stored on the server. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive information by allowing remote attackers to download files they should not have access to. This compromises confidentiality and may expose sensitive or private data stored on the server. Exploitation is remotely possible but considered difficult, and a public proof-of-concept exploit exists. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively impact compliance with standards and regulations such as GDPR and HIPAA because it leads to unauthorized disclosure of sensitive information, violating confidentiality requirements mandated by these regulations. Organizations using the affected software may face compliance risks if sensitive data is exposed due to this flaw. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring requests to the endpoint `/system/downloadById` with varying `id` parameters. Since the `id` is an auto-incrementing file identifier, an attacker may sequentially enumerate these IDs to download files. You can detect suspicious activity by checking web server logs for repeated or sequential access attempts to `/system/downloadById?id=`. For example, using command-line tools like grep to search the access log (the path shown is an example and varies by web server): `grep "/system/downloadById?id=" /var/log/access.log`, then analyzing the matching requests per client for sequential or repeated `id` values. Additionally, network monitoring tools can be used to detect unusual patterns of requests to this endpoint. [1, 2]
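One way to automate the log check described above, as an added example that is not part of this record or of MineAdmin's own code: a small Python script that parses Common Log Format lines, collects the `id` values each client requested from `/system/downloadById`, and flags clients with many distinct or consecutive IDs. The sample log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format (not from any real server).
SAMPLE_LOG = """\
203.0.113.7 - - [20/Jan/2026:10:00:01 +0000] "GET /system/downloadById?id=101 HTTP/1.1" 200 5120
203.0.113.7 - - [20/Jan/2026:10:00:02 +0000] "GET /system/downloadById?id=102 HTTP/1.1" 200 9031
203.0.113.7 - - [20/Jan/2026:10:00:02 +0000] "GET /system/downloadById?id=103 HTTP/1.1" 200 2210
203.0.113.7 - - [20/Jan/2026:10:00:03 +0000] "GET /system/downloadById?id=104 HTTP/1.1" 404 0
203.0.113.7 - - [20/Jan/2026:10:00:03 +0000] "GET /system/downloadById?id=105 HTTP/1.1" 200 7744
198.51.100.4 - - [20/Jan/2026:10:05:10 +0000] "GET /system/downloadById?id=342 HTTP/1.1" 200 1200
198.51.100.4 - - [20/Jan/2026:10:30:44 +0000] "GET /index.html HTTP/1.1" 200 880
"""

# Client IP, timestamp, method and request path from a Common Log Format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
# The affected endpoint with its numeric id parameter.
ID_RE = re.compile(r"^/system/downloadById\?(?:.*&)?id=(?P<id>\d+)")


def parse_download_ids(log_text):
    """Map each client IP to the sorted list of distinct file ids it requested."""
    ids_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        idm = ID_RE.match(m.group("path"))
        if idm:
            ids_by_ip[m.group("ip")].add(int(idm.group("id")))
    return {ip: sorted(ids) for ip, ids in ids_by_ip.items()}


def longest_consecutive_run(ids):
    """Length of the longest run of consecutive integers in a sorted list."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_enumerators(log_text, min_distinct=5, min_run=3):
    """Flag clients whose download requests look like id enumeration (thresholds are assumptions)."""
    flagged = {}
    for ip, ids in parse_download_ids(log_text).items():
        run = longest_consecutive_run(ids)
        if len(ids) >= min_distinct or run >= min_run:
            flagged[ip] = {"distinct_ids": len(ids), "longest_run": run}
    return flagged
```

Calling `find_enumerators(open("access.log").read())` on a real log returns the flagged clients with their distinct-id counts and longest consecutive run; tune the thresholds to the normal download volume of your deployment.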
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the `/system/downloadById` endpoint to authorized users only, for example by implementing authentication and authorization controls if not already in place. Since no vendor patch or fix is available and the vendor did not respond, consider replacing the affected MineAdmin versions 1.x and 2.x with a secure alternative. Monitoring and blocking suspicious requests to this endpoint can also help reduce exploitation risk. [2]