CVE-2026-49103

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.

CWE	CWE-24
Vendor	webmin
Product	webmin
Published	May 27, 2026
Last Updated	May 27, 2026

Stay Ahead of the Next One

Get instant alerts for webmin webmin

Be the first to know when new unknown vulnerabilities affecting webmin webmin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Webmin / Webmin

0 < 2.640

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/webmin/webmin/commit/cf432879a14568c4bb44cd2f9e5a9bd0e168edc1 github.com: https://github.com/webmin/webmin/compare/2.630...2.640