CVE-2026-56021
Awaiting Analysis
Awaiting Analysis - Queue
Unauthenticated File Read in Webmin via Bypassed Regex
Vulnerability report for CVE-2026-56021, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-18
Last updated on: 2026-06-24
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Description
Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webmin | webmin | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-185 | The product specifies a regular expression in a way that causes data to be improperly matched or compared. |
| CWE-777 | The product uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through. |