PT-2026-3519 · Mineadmin · Mineadmin

Sourbyte

Published

2026-01-20

Updated

2026-03-26

CVE-2026-1195

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MineAdmin versions 1.x and 2.x

Description A weakness exists in the JWT Token Handler component of MineAdmin. The issue affects the refresh function of the /system/refresh file and involves insufficient verification of data authenticity. The attack can be initiated remotely and is considered to have high complexity, with difficult exploitability. The exploit has been publicly released. The vendor was notified but did not respond.

Recommendations Versions prior to 1.x and 2.x should be updated. Consider temporarily disabling the refresh function within the JWT Token Handler component. Restrict access to the /system/refresh file to minimize the risk of exploitation.

Exploit

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2026-1195

GHSA-43RR-X62X-Q96W

Affected Products

Mineadmin

PT-2026-3519 · Mineadmin · Mineadmin

CVE-2026-1195

Weakness Enumeration

Related Identifiers

Affected Products

References · 10