Share
## https://sploitus.com/exploit?id=5AF09A71-A9FD-5297-9472-651946A08700
# cPanel-WHM-CVE-2026-41940-AuthBypass
**CVE-2026-41940: cPanel & WHM Authentication Bypass Scanner**

## ⚠️ Legal Notice
**This tool is only authorized for security testing and educational purposes. Users must comply with local laws and regulations. Unauthorized scanning of systems is strictly prohibited. The author assumes no responsibility for any misuse.**

---

## πŸ”₯ Vulnerability Overview
| Item | Details |
|------|------|
| **CVE ID** | CVE-2026-41940 |
| **Vulnerability Name** | cPanel & WHM Session File CRLF Injection |
| **Risk Level** | πŸ”΄ CRITICAL (CVSS 9.8) |
| **Affected Versions** | cPanel & WHM |

### Vulnerability Not Present
```
13:46:01 [SCAN] Testing 5.6.7.8:2087
13:46:02 [ERR] Failed to get session 5.6.7.8:2087
```

---

## πŸ” Vulnerability Verification Instructions
The script verifies the vulnerability using the following logic:
1. **Session Acquisition**: Successfully obtained the `whostmgrsession` Cookie.
2. **Token Extraction**: The response contains a `/cpsess{digit}` path.
3. **Permission Verification**: Accessing `/json-api/version` returns 200 and includes the `"version"` field.

⚠️ **Note**: Some targets may return 500/503 and display β€œLicense”, which still indicates successful authentication bypass, but without commercial authorization. ---

## πŸ›‘οΈ Fix Suggestions
**Upgrade to the following secure versions immediately:**
- 11.110.0.97+
- 11.118.0.63+
- 11.126.0.54+
- 11.132.0.29+
- 11.134.0.20+
- 11.136.0.5+

**Temporary Mitigation Measures:**
1. Limit the IP addresses accessing port 2087.
2. Enable firewall rules.
3. Monitor changes in the `/var/cpanel/sessions/` directory.

---

## πŸ“œ License
This project uses the **GPL v3** open-source license. ---

## πŸ™ Acknowledgments
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

---

## ⚠️ Reminder
> **This tool is only used for authorized security testing and research.** 
> **Any unauthorized scanning is illegal. Users must take responsibility for any consequences.**

---

**Star ⭐ This project! Get more security tool updates!**