VYPR
Medium severity6.1NVD Advisory· Published May 27, 2026· Updated May 27, 2026

CVE-2026-49102

CVE-2026-49102

Description

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Webmin/Webminreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <2.640

Patches

Vulnerability mechanics

References

2

News mentions

2