CVE-2026-1195

5.0 MEDIUM

📋 TL;DR

This vulnerability in MineAdmin's JWT token refresh function allows attackers to bypass authentication by manipulating insufficiently verified data. It affects all MineAdmin 1.x and 2.x installations, enabling potential unauthorized access to administrative functions. The attack can be performed remotely but requires high complexity to execute successfully.

💻 Affected Systems

Products:
  • MineAdmin
Versions: 1.x and 2.x
Operating Systems: All platforms running MineAdmin
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable JWT token handler component are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through privilege escalation, allowing attackers to gain administrative access, modify system configurations, and potentially execute arbitrary code.

🟠 Likely Case

Unauthorized access to administrative functions, data leakage, and potential manipulation of system settings without proper authentication.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring in place to detect anomalous token refresh attempts.

🌐 Internet-Facing: HIGH - Attack can be performed remotely, and public exploit code exists, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - While still vulnerable, internal systems benefit from network segmentation and additional security layers that reduce exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploit code is publicly available but requires understanding of JWT manipulation and the specific MineAdmin implementation. Attack complexity is rated as high.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a non-vulnerable version if available, or implement workarounds.

🔧 Temporary Workarounds

Disable vulnerable endpoint

all

Temporarily disable or restrict access to the /system/refresh endpoint that handles JWT token refresh functionality

# Configure web server (nginx example) to block /system/refresh
location /system/refresh { deny all; }
# Configure firewall to block access to refresh endpoint

Implement additional JWT validation

all

Add custom validation logic to verify JWT token authenticity beyond the vulnerable refresh function

# Custom middleware or validation function required
# Implementation depends on MineAdmin framework specifics

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can access the MineAdmin interface
  • Deploy a Web Application Firewall (WAF) with rules to detect and block JWT manipulation attempts

🔍 How to Verify

Check if Vulnerable:

Check if your MineAdmin installation is version 1.x or 2.x and has the /system/refresh endpoint accessible

Check Version:

# Check MineAdmin version in configuration files or admin interface
# Typically in config files or via admin panel

Verify Fix Applied:

Test if JWT token refresh functionality properly validates token authenticity and rejects manipulated tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed JWT refresh attempts
  • Unusual token refresh patterns from unexpected IPs
  • Access to /system/refresh endpoint with malformed tokens

Network Indicators:

  • Unusual traffic to /system/refresh endpoint
  • HTTP requests with manipulated JWT tokens in headers

SIEM Query:

source="web_server" AND (uri="/system/refresh" OR uri="/system/refresh/") AND (status_code=200 OR status_code=401) | stats count by src_ip
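
The log indicators and per-source count above can also be checked offline against web server access logs. The script below is an added example, not code from the vendor or from this advisory. It assumes nginx "combined" log format in chronological order, treats a 401 as a rejected refresh, and uses an assumed threshold of 3 failures; the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: nginx "combined" access log format, entries in chronological order.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
REFRESH_PATHS = {"/system/refresh", "/system/refresh/"}  # same URIs as the SIEM query
FAIL_THRESHOLD = 3  # assumed value; tune against your own baseline

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2026:10:00:01 +0000] "POST /system/refresh HTTP/1.1" 401 52 "-" "-"',
    '203.0.113.7 - - [10/Jan/2026:10:00:02 +0000] "POST /system/refresh HTTP/1.1" 401 52 "-" "-"',
    '198.51.100.20 - - [10/Jan/2026:10:00:03 +0000] "POST /system/refresh HTTP/1.1" 200 310 "-" "-"',
    '203.0.113.7 - - [10/Jan/2026:10:00:04 +0000] "POST /system/refresh/?r=1 HTTP/1.1" 401 52 "-" "-"',
    '198.51.100.20 - - [10/Jan/2026:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.7 - - [10/Jan/2026:10:00:06 +0000] "POST /system/refresh HTTP/1.1" 200 310 "-" "-"',
    '192.0.2.55 - - [10/Jan/2026:10:00:07 +0000] "POST /system/refresh HTTP/1.1" 401 52 "-" "-"',
    'not an access log line',
]


def summarize_refresh(lines):
    """Per source IP: refresh requests seen, 401s, 200s, and 200s that followed a 401."""
    stats = defaultdict(lambda: {"total": 0, "failed": 0, "ok": 0, "ok_after_fail": 0})
    for line in lines:
        m = LINE_RE.match(line)
        # Skip unparseable lines and anything that is not the refresh endpoint.
        if not m or m.group("uri").split("?", 1)[0] not in REFRESH_PATHS:
            continue
        s = stats[m.group("ip")]
        s["total"] += 1
        if m.group("status") == "401":
            s["failed"] += 1
        elif m.group("status") == "200":
            s["ok"] += 1
            if s["failed"]:
                s["ok_after_fail"] += 1
    return dict(stats)


def flag_sources(stats, threshold=FAIL_THRESHOLD):
    """Sources worth triage: repeated 401s, listing those that later got a 200 first."""
    hits = [ip for ip, s in stats.items() if s["failed"] >= threshold]
    return sorted(hits, key=lambda ip: (-stats[ip]["ok_after_fail"], -stats[ip]["failed"], ip))


if __name__ == "__main__":
    summary = summarize_refresh(SAMPLE_LOG)
    for ip in flag_sources(summary):
        print(ip, summary[ip])
```

A source that accumulates rejected refreshes and then receives a 200 sorts to the top, since that sequence is the one that most warrants a look at the session issued by the successful response.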
