Share
## https://sploitus.com/exploit?id=8C342626-75CE-5DB6-935E-A431EECC0B39
# CVE-2026-41940-POC

cPanel/WHM Authentication Bypass Proof of Concept for CVE-2026-41940.

**For educational and authorized security testing purposes only.**

## Overview

CVE-2026-41940 is a critical authentication bypass in cPanel/WHM's `cpsrvd` service affecting versions 11.40 through unpatched builds. The vulnerability chains a CRLF injection via the `whostmgrsession` cookie with Basic auth header poisoning to gain root WHM access without valid credentials.

This repository contains a proof of concept demonstrating the vulnerability.

## Affected Versions

- cPanel/WHM 11.40 and later
- Patched builds: 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, 11.136.0.5

## Features

- Authentication bypass demonstration (root WHM access)
- Account enumeration
- Server info retrieval (version, hostname, load)
- MySQL database enumeration
- Password change demonstration
- cPanel account creation demonstration
- Arbitrary WHM API access demonstration

## Requirements
pip install requests urllib3

## Usage

```bash
python3 exploit.py --target https://target.com:2087
```
## Interactive Shell
Once bypassed, available commands:
```
list         List all cPanel accounts
version      Show WHM version
hostname     Show server hostname
loadavg      Show server load
whoami       Show current privileges
dbs          List MySQL databases
passwd    Change root password
create     Create cPanel account
api    Call any WHM API function
exit         Quit
```
## Disclaimer
This software is provided for educational and authorized security testing purposes only. The author assumes no liability for any misuse or damage caused by this tool. Users are responsible for compliance with all applicable laws.
## License
![license](https://img.shields.io/badge/license-MIT-blue.svg)