EXECUTIVE SUMMARY:
Multiple security vulnerabilities have been identified in Webmin versions prior to 2.641, affecting its web-based administration interface for Unix-like systems. These flaws include critical authentication bypass, multi-factor authentication evasion, and information disclosure vulnerabilities. Because Webmin manages essential services such as users, DNS, and databases, successful exploitation could allow attackers to fully compromise server integrity and access sensitive data. The impact is particularly severe given the software's widespread deployment and the privileged access it provides to core infrastructure components.
These vulnerabilities present a critical risk to organizations due to the potential for complete unauthorized administrative control over Unix-based servers. Exploitation could lead to severe business disruption, data theft, and widespread compromise of the IT infrastructure. Immediate action is required to secure systems against these high-severity threats.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/webmin-vulnerabilities/