Threat Advisory

Webmin Vulnerabilities Bypass Two-Factor Authentication Controls

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Webmin affecting versions before 2.641. These flaws include stored cross-site scripting, privilege escalation, authentication bypass, and command execution vulnerabilities that threaten Unix-like systems. The business impact is severe, as attackers can exploit these issues to impersonate users, bypass security controls like two-factor authentication, and gain root-level access. Successful exploitation allows for complete system compromise, persistent unauthorized access, and potential data exposure, significantly increasing the risk for both remote and insider threats.

  • CVE-2026-22678 – This stored cross-site scripting vulnerability in the System and Server Status module allows an attacker with limited access to inject malicious scripts that execute as root when viewed by an administrator.
  • CVE-2026-49102 – This vulnerability enables cross-site scripting attacks via malicious SVG email attachments within the Read User Mail module.
  • CVE-2026-49103 – This flaw allows file overwrites due to unsafe filename handling when detaching email attachments in the Read User Mail module.
  • CVE-2026-42210 – This two-factor authentication bypass allows attackers to circumvent 2FA protections by utilizing HTTP Basic Authentication instead of standard session-based logins.
  • CVE-2026-56022 – This two-factor authentication bypass allows attackers to circumvent 2FA protections by utilizing HTTP Basic Authentication instead of standard session-based logins.
  • CVE-2025-67738 – This vulnerability permits command execution via the Squid module.
  • CVE-2025-61541 – This host header injection flaw affects the password reset functionality.
  • CVE-2026-56020 – This SSL trust misconfiguration allows attackers to spoof client certificates.
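The Read User Mail flaw above (CVE-2026-49103) belongs to the well-known class of file-overwrite bugs caused by trusting an attachment's filename when writing it to disk. The following example is added here for illustration and is not Webmin's code; it shows the controls a defender expects in any "save attachment" path: reduce the name to a safe basename, verify the resolved path stays inside the destination directory, and create the file with O_EXCL so an existing file is never replaced. The directory layout and the sample filenames are constructed for the example.

```python
"""Safe handling of attacker-controlled attachment filenames.

Added example for the file-overwrite class of flaw described in the
advisory (CVE-2026-49103). Not Webmin's code; paths and names used in
the demo are constructed.
"""
import os
import re
import tempfile
import unicodedata

# Characters permitted in a stored filename; everything else is replaced.
_SAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_filename(name: str) -> str:
    """Reduce an untrusted attachment name to a safe basename.

    Covers the cases that typically lead to overwrites: path separators,
    traversal components, leading dots (hidden files / dotfiles), and
    names that collapse to nothing after cleaning.
    """
    # Keep only the last path component, for both '/' and '\\' separators.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    name = unicodedata.normalize("NFKC", name)
    name = _SAFE_CHARS.sub("_", name)
    # Strip leading dots so '..', '.bashrc' and similar cannot be produced.
    name = name.lstrip(".")
    if not name:
        name = "attachment"
    return name[:255]


def detach_to_dir(base_dir: str, requested_name: str, data: bytes) -> str:
    """Write attachment data under base_dir without overwriting anything.

    Returns the path actually written. Raises FileExistsError if a file
    with that name already exists (instead of replacing it) and ValueError
    if the resolved path escapes base_dir.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, sanitize_filename(requested_name)))
    # Defence in depth: verify containment even after sanitization.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("attachment path escapes base directory")
    # O_EXCL makes create-or-fail atomic; O_NOFOLLOW refuses symlinked targets.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


if __name__ == "__main__":
    # Constructed demo: a traversal-style name lands inside the directory,
    # and a second write with the same name is refused rather than overwriting.
    outdir = tempfile.mkdtemp(prefix="attachments-")
    written = detach_to_dir(outdir, "../../etc/passwd", b"first")
    print("stored as", written)
    try:
        detach_to_dir(outdir, "passwd", b"second")
    except FileExistsError:
        print("refused to overwrite existing file")
```

Sanitization alone is not the control that prevents the overwrite; the O_EXCL create is. Sanitization keeps the name inside the directory, the containment check catches anything the sanitizer missed, and the exclusive create guarantees that whatever is already on disk is left untouched.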

These vulnerabilities present a critical risk to infrastructure management, enabling full system takeover and persistent attacker access. Organizations face significant business consequences, including complete data exposure, operational disruption, and the potential for attackers to impersonate legitimate administrators indefinitely. Immediate attention is required to prevent severe operational and security damage.

RECOMMENDATION:

  • We recommend updating Webmin to version 2.641.

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/webmin-vulnerabilities-impersonate-user/
