cbcvebase.
CVE-2026-1193
published 2026-01-19

CVE-2026-1193: A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View…

PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.32%
23.8th percentile
A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected

5 ranges
VendorProductVersion rangeFixed in
mineadminmineadmin
mineadminmineadmin
mineadminmineadmin
mineadminmineadmin
mineadminmineadmin1.0.0 – 2.0.3

Detection & IOCsextracted from sources · hover to see the quote

path/system/cache/view
  • Monitor for unauthenticated or unauthorized remote HTTP requests targeting the /system/cache/view endpoint in MineAdmin 1.x/2.x installations.
  • A public exploit is available for this vulnerability; prioritize detection of exploitation attempts against MineAdmin (PHP, package mineadmin/mineadmin) deployments.
  • ·No fix is currently available for the affected package (mineadmin/mineadmin) as of the last recorded date; organizations should consider compensating controls such as WAF rules blocking access to /system/cache/view.
  • ·The vendor did not respond to early disclosure; no official patch or advisory should be expected imminently.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.