Critical Webmin Vulnerabilities Allow Attackers to Impersonate Any User

Cybersecurity News, June 24, 2026

By Abinaya, June 24, 2026

Critical security flaws in Webmin have exposed systems to severe risks, allowing attackers to impersonate users, bypass authentication, and gain root-level control across affected environments. Webmin, a widely used web-based system administration tool for Unix-like systems, has disclosed multiple vulnerabilities affecting versions before 2.641. These issues range from stored cross-site scripting (XSS) to privilege escalation and authentication bypass flaws, significantly increasing the attack surface for both remote and insider threats.

Webmin Vulnerabilities

One of the most critical issues, tracked as CVE-2026-22678, is a stored XSS vulnerability in the System and Server Status module. An attacker with limited Webmin access can inject malicious scripts into notification templates. When an administrator views the template, the payload executes in that administrator's browser session, which in Webmin typically runs with root privileges, enabling full system compromise.

Another high-risk vulnerability involves privilege escalation via the built-in Help feature in versions before 2.640. This flaw allows untrusted users to execute arbitrary commands with root privileges regardless of their assigned module permissions, effectively breaking Webmin's access control model.

In addition, multiple vulnerabilities in the Read User Mail module further expand the scope of exploitation. CVE-2026-49102 enables XSS via malicious SVG email attachments, while CVE-2026-49103 allows file overwrites due to unsafe filename handling when detaching email attachments. These issues can be chained to achieve persistent compromise.

Critically, Webmin also suffers from a two-factor authentication bypass (CVE-2026-42210 and CVE-2026-56022). Attackers can bypass 2FA protections by authenticating with HTTP Basic Authentication instead of the standard session-based login, because the second factor is only enforced on the session login path. Although valid credentials are still required, this flaw undermines a key security control designed to prevent account takeover when a password has already been phished, reused, or leaked.

Earlier versions of Webmin are also affected by several severe vulnerabilities. These include command execution via the Squid module (CVE-2025-67738), host header injection in the password reset functionality (CVE-2025-61541), and SSL trust misconfigurations allowing attackers to spoof client certificates (CVE-2026-56020).

For example, an attacker with limited Webmin access could exploit the Help feature to gain root privileges, then leverage the 2FA bypass to maintain unauthorized access even on hardened accounts, effectively impersonating legitimate administrators.

Security researchers from multiple organizations, including TIM Security Red Team and independent contributors, have reported these issues, highlighting ongoing risks in widely deployed administrative tools.

Users are strongly advised to upgrade to the latest Webmin version (2.641 or later) immediately. Administrators should also turn off unnecessary modules, enforce strict access controls, and avoid granting Webmin access to untrusted users. Additionally, reviewing authentication mechanisms and disabling Basic Authentication where it is not needed removes the path used by the 2FA bypass. Organizations relying on Webmin for infrastructure management should treat these vulnerabilities as a high priority, as exploitation could result in a full system takeover, data exposure, and persistent attacker access.
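The two checks a practitioner will want after reading the above are a version triage against the stated fix levels (2.640 for the Help feature escalation, 2.641 for the full set) and a way to spot the Basic Authentication logins that the 2FA bypass relies on. The script below is an added example for this archive, not Webmin's own code or anything published with the advisory. It assumes (not stated in the article) that Webmin's miniserv announces itself with a `Server: MiniServ/<version>` HTTP response header, and that access records can be reduced to client, path and header dictionaries; the hosts and requests in it are constructed sample data.

```python
import base64
import re
from decimal import Decimal, InvalidOperation

# Fix levels taken from the article: the Help-feature root escalation is fixed
# in 2.640; the stored XSS, Read User Mail and 2FA-bypass issues in 2.641.
FIXED_HELP_PRIVESC = Decimal("2.640")
FIXED_ALL = Decimal("2.641")

# Assumption (not from the article): miniserv identifies itself as
# "MiniServ/<version>" in the Server response header.
_SERVER_RE = re.compile(r"MiniServ/(\d+\.\d+)")


def parse_miniserv_version(server_header):
    """Extract the Webmin version from a Server header as a Decimal, or None."""
    match = _SERVER_RE.search(server_header or "")
    if not match:
        return None
    try:
        return Decimal(match.group(1))
    except InvalidOperation:
        return None


def version_findings(version):
    """Map a Webmin version to the advisory items it is still exposed to."""
    if version is None:
        return ["version unknown: confirm the Webmin version on the host"]
    findings = []
    if version < FIXED_HELP_PRIVESC:
        findings.append("Help feature root privilege escalation (fixed in 2.640)")
    if version < FIXED_ALL:
        findings.append("stored XSS, Read User Mail and 2FA bypass issues (fixed in 2.641)")
    return findings


def basic_auth_attempts(records):
    """Return (client, path, username) for requests carrying HTTP Basic credentials.

    The 2FA bypass described in the article rides on Basic auth instead of the
    session login, so these requests deserve an alert on an unpatched host and a
    block rule if Basic auth is not needed at all.
    """
    hits = []
    for rec in records:
        headers = {k.lower(): v for k, v in rec["headers"].items()}
        auth = headers.get("authorization", "")
        if not auth.lower().startswith("basic "):
            continue
        try:
            user = base64.b64decode(auth[6:].strip()).split(b":", 1)[0]
            username = user.decode("utf-8", "replace")
        except ValueError:
            username = "<undecodable>"
        hits.append((rec["client"], rec["path"], username))
    return hits


# Constructed sample data: hostnames and traffic are invented for the example.
SAMPLE_HOSTS = {
    "admin.example.internal": "MiniServ/2.105",
    "db.example.internal": "MiniServ/2.640",
    "new.example.internal": "MiniServ/2.641",
    "odd.example.internal": "nginx",
}

SAMPLE_REQUESTS = [
    {"client": "10.0.0.5", "path": "/session_login.cgi", "headers": {}},
    {"client": "10.0.0.9", "path": "/proc/index.cgi",
     "headers": {"Authorization": "Basic " + base64.b64encode(b"root:hunter2").decode()}},
    {"client": "10.0.0.9", "path": "/", "headers": {"Authorization": "Bearer abc"}},
]


def triage():
    """Combine both checks into one report keyed by host, plus Basic-auth hits."""
    report = {host: version_findings(parse_miniserv_version(srv))
              for host, srv in SAMPLE_HOSTS.items()}
    report["basic_auth"] = basic_auth_attempts(SAMPLE_REQUESTS)
    return report


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, "->", value)
```

Versions are compared as decimals rather than floats so that 2.640 and 2.641 stay distinct; the host reporting 2.640 is flagged only for the 2.641 set, and the one reporting 2.641 is clear. A host that does not expose a MiniServ banner is reported as unknown instead of being silently treated as safe.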