Share
## https://sploitus.com/exploit?id=AE86F7CE-706E-5D0B-8203-1ED83FC2E902
# CVE Checker 2026
Multi-OS vulnerability scanner for:
- **CVE-2026-31431** โ Linux kernel `crypto/algif_aead` flaw
- **CVE-2026-41940** โ cPanel & WHM authentication bypass (CVSS 9.8)
## Supported Operating Systems
| Family | Distributions |
|---|---|
| Debian | Ubuntu, Debian, Linux Mint, Pop!_OS |
| RHEL | RHEL, CentOS, AlmaLinux, Rocky Linux, Oracle Linux, CloudLinux, Fedora, Amazon Linux |
| SUSE | SLES, openSUSE |
## Quick Start (one-liner)
Run directly from GitHub:
```bash
curl -fsSL https://raw.githubusercontent.com/sebinxavi/cve-checker-2026/main/cve_check_2026.sh | sudo bash
```
Or download then execute (recommended for review first):
```bash
curl -fsSL -o cve_check_2026.sh https://raw.githubusercontent.com/sebinxavi/cve-checker-2026/main/cve_check_2026.sh
chmod +x cve_check_2026.sh
sudo ./cve_check_2026.sh
```
## What It Checks
### CVE-2026-31431 (Linux kernel)
- Kernel version and build configuration
- `algif_aead` / `af_alg` module load state
- Module blacklist status
- Available patches via `apt`, `dnf`, `yum`, `zypper`
- KernelCare livepatch status (where applicable)
### CVE-2026-41940 (cPanel)
- cPanel & WHM version detection
- Comparison against patched versions
- `cpsrvd` service status
- Exposed ports (2082, 2083, 2086, 2087, 2095, 2096)
- Recent session file activity (IoC indicator)
- cPanel RPM integrity check
## Output
| File | Purpose |
|---|---|
| `/var/log/cve_check_2026_.log` | Full debug log |
| `/var/log/cve_check_2026_.report.txt` | Executive summary |
Falls back to `/tmp/` if `/var/log` is not writable.
## Exit Codes
| Code | Meaning |
|---|---|
| `0` | All clear or not applicable |
| `1` | Script error (not root, missing tools) |
| `2` | At least one CVE confirmed vulnerable |
Useful for automation and monitoring integration.
## Status Legend
| Status | Meaning |
|---|---|
| `SAFE` | Confirmed patched |
| `LIKELY_SAFE` | Probably safe; not confirmed in changelog |
| `MITIGATED` | Workaround applied (e.g., module blacklist) |
| `VULNERABLE` | Patch available, not applied |
| `VULNERABLE_EOL` | End-of-life version, no patch path |
| `NOT_APPLICABLE` | Software not installed |
| `UNKNOWN` | Could not determine automatically |
## Automation Examples
### Cron โ weekly check with email alerts
```bash
sudo tee /etc/cron.weekly/cve-check-2026 > /dev/null "report_${host}_$(date +%F).txt" &
done
wait
```
## Security Notice
This script is **read-only** โ it only inspects the system and writes log files. It does **not**:
- Modify any system configuration
- Install or remove packages
- Restart services
- Reset passwords or credentials
Always review the script before piping `curl` to `bash`. View the source at:
https://github.com/sebinxavi/cve-checker-2026/blob/main/cve_check_2026.sh
## References
- [CVE-2026-31431 (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2026-31431)
- [CVE-2026-41940 (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2026-41940)
- [cPanel Security Advisory](https://support.cpanel.net/hc/en-us/articles/40073787579671)
## License
MIT โ see [LICENSE](LICENSE)
## Author
Sebin Xavi โ [sebintech.com](https://sebintech.com)