Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56020

Summary
Assigner-cisa-cg
Assigner Org ID-9119a7d8-5eab-497f-8521-727c672e3725
Published At-18 Jun, 2026 | 16:12
Updated At-22 Jun, 2026 | 12:33
Rejected At-
Credits

Webmin HTTP header authentication bypass

The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisa-cg
Assigner Org ID:9119a7d8-5eab-497f-8521-727c672e3725
Published At:18 Jun, 2026 | 16:12
Updated At:22 Jun, 2026 | 12:33
Rejected At:
▼CVE Numbering Authority (CNA)
Webmin HTTP header authentication bypass

The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641.

Affected Products
Vendor
WebminWebmin
Product
Webmin
Default Status
unknown
Versions
Affected
  • From 0 before 2.641 (custom)
Unaffected
  • 2.641
Problem Types
TypeCWE IDDescription
CWECWE-290CWE-290 Authentication Bypass by Spoofing
Type: CWE
CWE ID: CWE-290
Description: CWE-290 Authentication Bypass by Spoofing
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Adem El Adeb, vulone.com/vul1.com
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/webmin/webmin/releases/tag/2.641
release-notes
https://webmin.com/security/#webmin-prior-to-2641
release-notes
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json
N/A
https://www.cve.org/CVERecord?id=CVE-2026-56020
vdb-entry
Hyperlink: https://github.com/webmin/webmin/releases/tag/2.641
Resource:
release-notes
Hyperlink: https://webmin.com/security/#webmin-prior-to-2641
Resource:
release-notes
Hyperlink: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2026-56020
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:9119a7d8-5eab-497f-8521-727c672e3725
Published At:18 Jun, 2026 | 17:16
Updated At:22 Jun, 2026 | 14:17

The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
N/A
Type: Secondary
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-290Secondary9119a7d8-5eab-497f-8521-727c672e3725
CWE ID: CWE-290
Type: Secondary
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/webmin/webmin/releases/tag/2.6419119a7d8-5eab-497f-8521-727c672e3725
N/A
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json9119a7d8-5eab-497f-8521-727c672e3725
N/A
https://webmin.com/security/#webmin-prior-to-26419119a7d8-5eab-497f-8521-727c672e3725
N/A
https://www.cve.org/CVERecord?id=CVE-2026-560209119a7d8-5eab-497f-8521-727c672e3725
N/A
Hyperlink: https://github.com/webmin/webmin/releases/tag/2.641
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A
Hyperlink: https://webmin.com/security/#webmin-prior-to-2641
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2026-56020
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

11Records found

CVE-2026-58370
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-0.55% / 41.74%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 15:57
Updated-02 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name (commit.author.name) carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A user who can open a merge request from a fork can set the commit author name to match an entry in ApprovalAllowedUsers, causing needsApproval to return false so the pipeline runs without the required approval. This defeats the fork-approval security boundary and allows execution of attacker-controlled pipeline steps on a Woodpecker agent and exfiltration of CI secrets exposed to the run. Other built-in forge drivers (Gitea, Forgejo, GitHub, Bitbucket) derive pipeline.Author from the forge-validated sender/actor identity and are not affected.

Action-Not Available
Vendor-woodpecker-ci
Product-woodpecker
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-49468
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.5||CRITICAL
EPSS-0.56% / 42.39%
||
7 Day CHG+0.11%
Published-22 Jun, 2026 | 20:37
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM: Authentication Bypass via Host Header Injection

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmExploit IntelligenceRed Hat Ansible Automation Platform 2Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-49757
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-9.2||CRITICAL
EPSS-0.56% / 42.66%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 10:07
Updated-15 Jun, 2026 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address (an upsert on the email field, or a user-defined sign-in filter) rather than by the OpenID Connect iss/sub claim combination. Per OpenID Connect Core §5.7, only iss/sub uniquely and stably identifies an end-user; other claims, including email, MUST NOT be used as unique identifiers. A provider login presenting a victim's email, including an unverified email, a reused email, or an account with email_verified: false, resolved to and signed in as the victim's existing local account. An unauthenticated attacker who can register an account on any accepted OAuth provider with the victim's email (or who benefits from provider-side email reuse or reclamation) obtains the victim's full local privileges. The fix resolves users by the (strategy, sub) identity stored in a user identity resource, and only links a new sub to an existing local account by email when the provider's email_verified claim is trusted (trust_email_verified?). This issue affects ash_authentication from 0.1.0 before 4.14.0 and from 5.0.0-rc.0 before 5.0.0-rc.10.

Action-Not Available
Vendor-team-alembic
Product-ash_authentication
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-31424
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-8.1||HIGH
EPSS-0.68% / 47.81%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 00:54
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web authentication and authorization bypass

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_sannavSANnav
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-24853
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.27% / 18.95%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 22:19
Updated-24 Feb, 2026 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Caido has an insufficient patch for DNS rebind leading to RCE

Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0.

Action-Not Available
Vendor-caidocaido
Product-caidocaido
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-41107
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-17.76% / 96.79%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 10:19
Updated-19 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CloudStack: SAML Signature Exclusion

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.

Action-Not Available
Vendor-apache_software_foundationThe Apache Software Foundation
Product-cloudstackApache CloudStackapache_cloudstack
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2020-2002
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.1||HIGH
EPSS-1.30% / 66.87%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Spoofed Kerberos key distribution center authentication bypass

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-0030
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.1||HIGH
EPSS-0.83% / 53.04%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 16:30
Updated-15 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Authentication Bypass in Web Interface

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OSCloud NGFWPrisma Access
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-67298
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.22% / 12.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 00:00
Updated-07 Apr, 2026 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile

Action-Not Available
Vendor-classroomion/a
Product-classroomion/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-1524
Matching Score-4
Assigner-WSO2 LLC
ShareView Details
Matching Score-4
Assigner-WSO2 LLC
CVSS Score-7.7||HIGH
EPSS-0.26% / 17.44%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 08:51
Updated-03 Mar, 2026 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A local user can be impersonated when using federated authentication with Silent JIT Provisioning.

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control. The Deployment should have: -An IDP configured for federated authentication with Silent JIT provisioning enabled. The malicious actor should have: -A fresh valid user account in the federated IDP that has not been used earlier. -Knowledge of the username of a valid user in the local IDP. -An account at the federated IDP matching the targeted local username.

Action-Not Available
Vendor-WSO2 LLC
Product-api_manageridentity_serverWSO2 API ManagerWSO2 Identity Server
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-6263
Matching Score-4
Assigner-Network Optix
ShareView Details
Matching Score-4
Assigner-Network Optix
CVSS Score-8.3||HIGH
EPSS-0.49% / 38.50%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 17:56
Updated-02 Aug, 2024 | 08:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Spoofing Vulnerability in NxCloud

An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.

Action-Not Available
Vendor-networkoptixNetwork Optix
Product-nxcloudNxCloud
CWE ID-CWE-290
Authentication Bypass by Spoofing
Details not found