[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-49103":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-27T15:04:06.287Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":21,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":27,"summary":28,"references_raw":35,"kevs":45,"epss":9,"epss_history":46,"metrics":47,"affected":54},"CVE-2026-49103","Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-24","Path Traversal: '../filedir'","The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \"../\" sequences that can resolve to a location that is outside of that directory.","weakness","Incomplete","Variant",[],[],[],[],[],[],[],"2026-05-27T14:37:18.786Z","2026-05-27T16:14:12.073Z","Received",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":30,"severity_score":31,"severity_version":32,"severity_source":33,"severity_vector":34,"severity_status":27},false,"critical",9.4,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[36,41],{"url":37,"sources":38,"tags":40},"https://github.com/webmin/webmin/commit/cf432879a14568c4bb44cd2f9e5a9bd0e168edc1",[33,39],"nvd",[],{"url":42,"sources":43,"tags":44},"https://github.com/webmin/webmin/compare/2.630...2.640",[33,39],[],[],[],[48,51],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":49},{"baseScore":31,"baseSeverity":50,"vectorString":34,"impactScore":9,"exploitabilityScore":9},"CRITICAL",{"source":39,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":52},{"baseScore":31,"baseSeverity":50,"vectorString":53,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[55],{"ecosystem":9,"name":56,"vendor":57,"product":57,"cpe_part":58,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":59},"Webmin","webmin","a",[60],{"version":61,"is_range":62,"range_type":33,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":64,"fixed_in":9},"\u003C 2.640",true,"2.640","excluding"]