CVE-2026-1193
published 2026-01-19CVE-2026-1193: A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View…
PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.32%
23.8th percentile
A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mineadmin | mineadmin | — | — |
| mineadmin | mineadmin | — | — |
| mineadmin | mineadmin | — | — |
| mineadmin | mineadmin | — | — |
| mineadmin | mineadmin | 1.0.0 – 2.0.3 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated or unauthorized remote HTTP requests targeting the /system/cache/view endpoint in MineAdmin 1.x/2.x installations. ↗
- →A public exploit is available for this vulnerability; prioritize detection of exploitation attempts against MineAdmin (PHP, package mineadmin/mineadmin) deployments. ↗
- ·No fix is currently available for the affected package (mineadmin/mineadmin) as of the last recorded date; organizations should consider compensating controls such as WAF rules blocking access to /system/cache/view. ↗
- ·The vendor did not respond to early disclosure; no official patch or advisory should be expected imminently. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
MineAdmin has Incorrect Privilege Assignment
osv·2026-01-20
CVE-2026-1193 [LOW] MineAdmin has Incorrect Privilege Assignment
MineAdmin has Incorrect Privilege Assignment
A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
GHSA
MineAdmin has Incorrect Privilege Assignment
ghsa·2026-01-20
CVE-2026-1193 [LOW] CWE-266 MineAdmin has Incorrect Privilege Assignment
MineAdmin has Incorrect Privilege Assignment
A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
2026-01-19
Published