CVE Catalog
CVE-2026-49103
CriticalSummary
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.
Risk Assessment
Improper filename handling may lead to path traversal attacks, jeopardizing user data security.
Recommendation
It is recommended to update Webmin to version 2.640 or later to mitigate this vulnerability.
Original NVD description (English source)
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.

