## https://sploitus.com/exploit?id=A102F74B-FD05-5EE8-B2C3-BD37211B5380
# CVE-2026-41940 Detection & Verification
[](https://opensource.org/licenses/MIT)
## Overview
This tool detects **cPanel/WHM instances vulnerable to CVE-2026-41940**, a critical
authentication bypass discovered by [watchTowr Labs](https://labs.watchtowr.com/).
The vulnerability allows an unauthenticated attacker to gain root access to WHM via
a CRLF injection in the session file.
**This script is a proof-of-concept detection tool.** It does **not**:
- Exploit or modify target systems.
- Create backdoors or persistent access.
- Store or exfiltrate credentials.
It only performs the first four stages of the vulnerability chain to verify whether
a server is vulnerable, then reports the result.
---
## Important: Legal & Ethical Use
**Only run this tool against servers you own or have explicit written permission to test.**
Unauthorized scanning may violate laws like the Computer Fraud and Abuse Act (CFAA)
and similar legislation worldwide.
By using this software, you agree that:
- You are responsible for complying with all applicable laws and regulations.
- The authors assume no liability for any misuse or damage caused by this tool.
---
## Features
- Single-target or mass detection via [Shodan](https://www.shodan.io/) (requires API key).
- Thread-safe SQLite queue to resume interrupted scans.
- Stealth mode with random delays and user-agent rotation.
- Optional API token creation (disabled by default, enable only for authorized assessments).
- Outputs a list of vulnerable hosts to `vulnerable_hosts.txt` and details to `verification_details.txt`.
---
## Installation
```bash
git clone https://github.com/unteikyou/CVE-2026-41940-AuthBypass-Detector.git
cd CVE-2026-41940-AuthBypass-Detector
pip install -r requirements.txt