CVE-2026-49103

N/A Unknown
Published: May 27, 2026 Modified: May 27, 2026
View on NVD

Description

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/webmin/webmin/commit/cf432879a14568c4bb44cd2f9e5a9bd0e168edc1
Source: cve@mitre.org
https://github.com/webmin/webmin/compare/2.630...2.640
Source: cve@mitre.org

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.3%
22th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-24

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8