Share
## https://sploitus.com/exploit?id=5E933B74-5231-5A2D-B219-2E9A754E7419
# ๐Ÿš€ CVE-2026-41940 - cPanel/WHM Authentication Bypass Exploit

[![Python](https://img.shields.io/badge/Python-3.7%2B-blue.svg)](https://www.python.org/)
[![License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![Pentesting](https://img.shields.io/badge/Purpose-Pentesting-red.svg)](https://github.com)

> **Professional Edition** - CRLF Injection to Authentication Bypass & Account Leak

## ๐Ÿ“Œ Overview

This exploit leverages **CVE-2026-41940**, a critical authentication bypass vulnerability in **cPanel/WHM**. By injecting a crafted CRLF payload, it achieves session hijacking and extracts private account data without valid credentials.

### ๐Ÿ”ฅ Key Features

- โœ… **Authentication Bypass** - CRLF injection bypasses WHM auth checks  
- โœ… **Account Leak** - Extract all cPanel accounts (username + domain)  
- โœ… **Session Hijacking** - Obtain valid WHM session cookie  
- โœ… **Keep-Alive Thread** - Maintain persistent WHM access  
- โœ… **Proxy Support** - HTTP/HTTPS proxy for anonymity  
- โœ… **Stealth Mode** - Random delays + X-Forwarded-For spoofing  
- โœ… **Retry Mechanism** - Configurable retries for unstable connections  
- โœ… **Colored Output** - Professional visual feedback (colorama)  
- โœ… **File Export** - Save account list to file  
- โœ… **Verbose Mode** - Debug logging for troubleshooting  

## ๐ŸŽฏ Vulnerable Versions

| Product | Versions |
|---------|----------|
| cPanel & WHM | 11.92 - 11.102 (confirmed) |
| cPanel & WHM | Possibly earlier versions |

> โš ๏ธ **Disclaimer**: This tool is for authorized security testing only.

## ๐Ÿ“ฆ Installation

```bash
# Clone the repository
git clone https://github.com/yourusername/CVE-2026-41940-Exploit.git
cd CVE-2026-41940-Exploit

# Install dependencies
pip install -r requirements.txt