PT-2026-50711 · Webmin · Webmin

Published

2026-06-18

Updated

2026-06-18

CVE-2026-56020

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

CVE-2026-56020

Affected Products

Webmin

PT-2026-50711 · Webmin · Webmin

CVE-2026-56020

Weakness Enumeration

Related Identifiers

Affected Products

References · 5