## https://sploitus.com/exploit?id=962E8532-01ED-52B9-96B5-349E34B374F3
# 🔴 cPanelCVE
### CVE-2026-41940 — cPanel & WHM Authentication Bypass
**CVSS 10.0 (Critical) · Confirmed In‑The‑Wild · Auto Root Login**
[](https://python.org)
[](LICENSE)
[](https://selenium.dev)
---
## 📖 Overview
**cPanelCVE** is a proof‑of‑concept exploit for CVE-2026-41940, a critical session‑file CRLF injection vulnerability in cPanel & WHM that allows **complete root authentication bypass** on WHM (Web Host Manager) port 2087.
Once the bypass is successful, the tool **automatically opens your browser** (Chrome or Firefox) and logs you directly into the WHM interface as **root** — no manual cookie setup, no password, no click‑throughs.
### 🧬 How It Works
The exploit runs in **4 stages**:
| Stage | Description |
|-------|-------------|
| **0 — Canonical Discovery** | Retrieves the real hostname via `/openid_connect/cpanelid` to prevent redirect loops. |
| **1 — Preauth Session** | Posts wrong credentials to `/login/?login_only=1` to obtain a `whostmgrsession` cookie. |
| **2 — CRLF Injection** | Sends a poisoned `Authorization: Basic` header that writes `hasroot=1` directly into the session file. |
| **3 — Propagate** | Triggers the `do_token_denied` internal gadget to flush the raw session into the live cache. |
| **4 — Verify** | Accesses `/json-api/version` — a 200 OK with version data confirms unrestricted **root access**. |
After Stage 4, the tool either:
- Opens Chrome/Firefox **instantly**, injects the session cookie via DevTools, and lands on the WHM dashboard (fully automatic).
- Or prints ready‑to‑use JavaScript commands for manual login.
---
## ⚡ Quick Start
### Prerequisites
- **Python 3.8+** (stdlib only for exploit core)
- **Selenium** (for auto‑browser login):
```bash
pip install selenium
pip install -r requirements.txt
## ⚡ Usage
```bash
# Auto‑login with Chrome (default)
python cpanelcve.py -u https://target.com:2087 --selenium
# Auto‑login with Firefox
python cpanelcve.py -u https://target.com:2087 --selenium --engine firefox
# Print manual browser console commands
python cpanelcve.py -u https://target.com:2087 --browser
```
Made with ❤️ by @mahanOF