CVE Catalog

CVE-2026-49103

Critical
Published: Translated: NVD NIST

Summary

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.

Risk Assessment

Improper filename handling may lead to path traversal attacks, jeopardizing user data security.

Recommendation

It is recommended to update Webmin to version 2.640 or later to mitigate this vulnerability.

Original NVD description (English source)

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS