Share
## https://sploitus.com/exploit?id=5E933B74-5231-5A2D-B219-2E9A754E7419
# ๐ CVE-2026-41940 - cPanel/WHM Authentication Bypass Exploit
[](https://www.python.org/)
[](LICENSE)
[](https://github.com)
> **Professional Edition** - CRLF Injection to Authentication Bypass & Account Leak
## ๐ Overview
This exploit leverages **CVE-2026-41940**, a critical authentication bypass vulnerability in **cPanel/WHM**. By injecting a crafted CRLF payload, it achieves session hijacking and extracts private account data without valid credentials.
### ๐ฅ Key Features
- โ
**Authentication Bypass** - CRLF injection bypasses WHM auth checks
- โ
**Account Leak** - Extract all cPanel accounts (username + domain)
- โ
**Session Hijacking** - Obtain valid WHM session cookie
- โ
**Keep-Alive Thread** - Maintain persistent WHM access
- โ
**Proxy Support** - HTTP/HTTPS proxy for anonymity
- โ
**Stealth Mode** - Random delays + X-Forwarded-For spoofing
- โ
**Retry Mechanism** - Configurable retries for unstable connections
- โ
**Colored Output** - Professional visual feedback (colorama)
- โ
**File Export** - Save account list to file
- โ
**Verbose Mode** - Debug logging for troubleshooting
## ๐ฏ Vulnerable Versions
| Product | Versions |
|---------|----------|
| cPanel & WHM | 11.92 - 11.102 (confirmed) |
| cPanel & WHM | Possibly earlier versions |
> โ ๏ธ **Disclaimer**: This tool is for authorized security testing only.
## ๐ฆ Installation
```bash
# Clone the repository
git clone https://github.com/yourusername/CVE-2026-41940-Exploit.git
cd CVE-2026-41940-Exploit
# Install dependencies
pip install -r requirements.txt