Share
## https://sploitus.com/exploit?id=A102F74B-FD05-5EE8-B2C3-BD37211B5380
# CVE-2026-41940 Detection & Verification

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## Overview

This tool detects **cPanel/WHM instances vulnerable to CVE-2026-41940**, a critical
authentication bypass discovered by [watchTowr Labs](https://labs.watchtowr.com/).
The vulnerability allows an unauthenticated attacker to gain root access to WHM via
a CRLF injection in the session file.

**This script is a proof-of-concept detection tool.** It does **not**:

- Exploit or modify target systems.
- Create backdoors or persistent access.
- Store or exfiltrate credentials.

It only performs the first four stages of the vulnerability chain to verify whether
a server is vulnerable, then reports the result.

---

## Important: Legal & Ethical Use

**Only run this tool against servers you own or have explicit written permission to test.**
Unauthorized scanning may violate laws like the Computer Fraud and Abuse Act (CFAA)
and similar legislation worldwide.

By using this software, you agree that:

- You are responsible for complying with all applicable laws and regulations.
- The authors assume no liability for any misuse or damage caused by this tool.

---

## Features

- Single-target or mass detection via [Shodan](https://www.shodan.io/) (requires API key).
- Thread-safe SQLite queue to resume interrupted scans.
- Stealth mode with random delays and user-agent rotation.
- Optional API token creation (disabled by default, enable only for authorized assessments).
- Outputs a list of vulnerable hosts to `vulnerable_hosts.txt` and details to `verification_details.txt`.

---

## Installation

```bash
git clone https://github.com/unteikyou/CVE-2026-41940-AuthBypass-Detector.git
cd CVE-2026-41940-AuthBypass-Detector
pip install -r requirements.txt