A vulnerability classified as critical was found in Webmin HTTP Server up to 2.640 . The affected element is an unknown function of the file miniserv.pl of the component HTTP Header Handler . The manipulation results in authentication bypass by spoofing. This vulnerability is identified as CVE-2026-56020 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.