
Critical Webmin Stored XSS Vulnerability Lets Untrusted Users Exploit Root Accounts
A critical stored cross-site scripting (XSS) vulnerability has been disclosed in Webmin, the widely used web-based Unix system administration interface, allowing untrusted users to compromise root-level accounts through maliciously crafted notification email templates. Tracked as CVE-2026-22678, the vulnerability resides in Webmin’s System and Server Status module and affects all versions prior to 2.641. An untrusted […]
The post Critical Webmin Stored XSS Vulnerability Lets Untrusted Users Exploit Root Accounts appeared first on Cyber Security News.