Medium severity6.1NVD Advisory· Published May 27, 2026· Updated May 27, 2026
CVE-2026-49102
CVE-2026-49102
Description
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
2- ⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and MoreThe Hacker News · Jul 6, 2026
- Critical Webmin Vulnerabilities Allow Attackers to Impersonate as Any UserCyber Security News · Jun 24, 2026