CVE-2026-1197

3.1 LOW

📋 TL;DR

This vulnerability in MineAdmin 1.x/2.x allows remote attackers to disclose sensitive information by manipulating the ID parameter in the /system/downloadById endpoint. The attack complexity is high and exploitation appears difficult, but the exploit is now publicly available. All systems running vulnerable versions of MineAdmin are affected.

💻 Affected Systems

Products:
  • MineAdmin
Versions: 1.x and 2.x
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /system/downloadById endpoint functionality. No specific configuration requirements mentioned.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive system information, configuration data, or user data could be exposed to unauthorized remote attackers.

🟠 Likely Case

Limited information disclosure of system details or configuration files that could aid further attacks.

🟢 If Mitigated

Minimal impact with proper access controls and input validation in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploit is publicly available but attack complexity is rated high. Remote exploitation is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Block vulnerable endpoint

all

Restrict access to the /system/downloadById endpoint using web server configuration or firewall rules.

# Example for nginx:
location /system/downloadById { deny all; }

# Example for Apache:
<Location /system/downloadById>
    Require all denied
</Location>

Implement input validation

all

Add strict input validation for the ID parameter to prevent manipulation.

# Implement server-side validation to ensure ID parameter follows expected format

🧯 If You Can't Patch

  • Implement network segmentation to isolate MineAdmin instances from sensitive systems
  • Deploy web application firewall (WAF) with rules to detect and block parameter manipulation attempts

🔍 How to Verify

Check if Vulnerable:

Check if your system runs MineAdmin 1.x or 2.x and has the /system/downloadById endpoint accessible.

Check Version:

Check MineAdmin version in application configuration or admin panel.

Verify Fix Applied:

Test if the /system/downloadById endpoint is properly restricted or if input validation prevents ID manipulation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /system/downloadById endpoint
  • Multiple failed attempts with manipulated ID parameters

Network Indicators:

  • HTTP requests to /system/downloadById with unusual ID parameter values

SIEM Query:

source="web_server" AND uri="/system/downloadById" AND (status=200 OR parameter_manipulation_detected=true)
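
The log indicators above, turned into a check over web server access logs. This is an added example, not part of the original advisory and not MineAdmin code. It assumes combined-format access logs, a query parameter named `id`, decimal integer IDs, and a per-client threshold you tune to your own baseline.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/system/downloadById"
ID_PARAM = "id"                         # assumption: query parameter name
ID_FORMAT = re.compile(r"\d{1,20}")     # assumption: IDs are plain decimal integers
MAX_DISTINCT_IDS = 3                    # assumption: tune to normal per-client usage

# Common/combined log format: client, method, request target, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def scan(lines):
    """Return {client: [reasons]} for suspicious /system/downloadById traffic."""
    served_ids = defaultdict(set)   # client -> distinct IDs answered with 200
    findings = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded values are checked in decoded form
        values = parse_qs(url.query, keep_blank_values=True).get(ID_PARAM, [])
        if len(values) != 1 or not ID_FORMAT.fullmatch(values[0]):
            findings[client].add("malformed-id")   # missing, repeated or off-format
        elif status == "200":
            served_ids[client].add(values[0])
    for client, ids in served_ids.items():
        if len(ids) > MAX_DISTINCT_IDS:
            findings[client].add("id-enumeration")
    return {c: sorted(r) for c, r in findings.items()}

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE = [
    f'198.51.100.7 - - [01/Jan/2026:10:00:0{i} +0000] '
    f'"GET /system/downloadById?id={100 + i} HTTP/1.1" 200 512' for i in range(5)
] + [
    '203.0.113.9 - - [01/Jan/2026:10:01:00 +0000] "GET /system/downloadById?id=12x HTTP/1.1" 404 0',
    '192.0.2.5 - - [01/Jan/2026:10:02:00 +0000] "GET /system/downloadById?id=42 HTTP/1.1" 200 512',
    '192.0.2.5 - - [01/Jan/2026:10:02:05 +0000] "GET /index HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE).items():
        print(client, ", ".join(reasons))
```

If the application sends the ID in a request body or path segment instead, the same two checks apply to whatever field your logging pipeline records for it.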
