## https://sploitus.com/exploit?id=1B74412D-48E6-577C-8B75-929049456832
# CVE-2026-41940 โ WHM/cPanel Exploit Tool (Linux)
> โ ๏ธ **DISCLAIMER:** This tool is intended for **authorized penetration testing and educational purposes only**. Using this tool against systems without explicit written permission is **illegal**. The developers are not responsible for any misuse or damage caused.
---
## ๐ Description
**CVE-2026-41940** is an exploit tool targeting vulnerabilities in **WHM (WebHost Manager) / cPanel** servers running on port `2087`. The tool features a graphical user interface (GUI) built with **PyQt5** and is designed to run on **Linux** systems.
- **Target:** WHM / cPanel servers
- **Port:** 2087
- **Interface:** GUI (PyQt5)
- **Language:** Python 3
- **Author:** FriendsExploit
---
## ๐ Project Structure
```
CVE-2026-41940-Linux/
โโโ CVE-2026-41940.py # Main entry point
โโโ requirements.txt # Python dependencies
โโโ Dork.txt # Google/Shodan dorks for target discovery
โโโ pyarmor_runtime_000000/ # PyArmor runtime (obfuscation layer)
โโโ system/
โโโ __init__.py # Module initializer
โโโ core.py # Core exploit logic
โโโ gui.py # GUI components
โโโ styles.py # UI styling
โโโ workers.py # Background worker threads
```
---
## โ๏ธ Requirements
| Requirement | Version |
|---|---|
| OS | Linux (Kali recommended) |
| Python | >= 3.x |
| PyQt5 | >= 5.15.0 |
| urllib3 | >= 1.26.0 |
---
## ๐ ๏ธ Installation & Setup
### 1. Clone or Download the Project
```bash
git clone https://github.com/willygailo/CVE-2026-41940-Linux.git
```
### 2. Install Dependencies
```bash
pip3 install -r requirements.txt
```
> If you're on Kali Linux and get an "externally managed environment" error:
```bash
pip3 install --break-system-packages -r requirements.txt
```
> Or install PyQt5 via apt:
```bash
sudo apt install python3-pyqt5 -y
```
---
## ๐ Usage
### Run the Tool
```bash
python3 CVE-2026-41940.py
```
### Suppress Warnings (Optional)
```bash
python3 CVE-2026-41940.py 2>/dev/null
```
### Run on Wayland (Optional)
```bash
QT_QPA_PLATFORM=wayland python3 CVE-2026-41940.py
```
---
## ๐ Dorks for Target Discovery
Use the dorks in `Dork.txt` for finding targets via Shodan or Google:
```
title:"WHM Login"
title:"WebHost Manager" port:2087
product:"cPanel" port:2087
```
> ๐ [Shodan.io](https://www.shodan.io) | [Google](https://www.google.com)
---
## โ ๏ธ Common Warnings (Non-Fatal)
These warnings may appear on Linux โ they are **harmless** and do not affect functionality:
```
Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.
QSocketNotifier: Can only be used with threads started with QThread
```
---
## ๐ Legal Notice
This tool is provided **for educational and authorized security testing only**.
- โ Use only on systems you **own** or have **explicit written permission** to test.
- โ Do **NOT** use on unauthorized systems.
- The author assumes **no liability** for misuse of this tool.
---
## ๐ท๏ธ Tags
`CVE-2026-41940` `WHM` `cPanel` `exploit` `penetration-testing` `linux` `pyqt5` `python3` `FriendsExploit`