Share
## https://sploitus.com/exploit?id=AE86F7CE-706E-5D0B-8203-1ED83FC2E902
# CVE Checker 2026

Multi-OS vulnerability scanner for:

- **CVE-2026-31431** โ€” Linux kernel `crypto/algif_aead` flaw
- **CVE-2026-41940** โ€” cPanel & WHM authentication bypass (CVSS 9.8)

## Supported Operating Systems

| Family | Distributions |
|---|---|
| Debian | Ubuntu, Debian, Linux Mint, Pop!_OS |
| RHEL | RHEL, CentOS, AlmaLinux, Rocky Linux, Oracle Linux, CloudLinux, Fedora, Amazon Linux |
| SUSE | SLES, openSUSE |

## Quick Start (one-liner)

Run directly from GitHub:

```bash
curl -fsSL https://raw.githubusercontent.com/sebinxavi/cve-checker-2026/main/cve_check_2026.sh | sudo bash
```

Or download then execute (recommended for review first):

```bash
curl -fsSL -o cve_check_2026.sh https://raw.githubusercontent.com/sebinxavi/cve-checker-2026/main/cve_check_2026.sh
chmod +x cve_check_2026.sh
sudo ./cve_check_2026.sh
```

## What It Checks

### CVE-2026-31431 (Linux kernel)
- Kernel version and build configuration
- `algif_aead` / `af_alg` module load state
- Module blacklist status
- Available patches via `apt`, `dnf`, `yum`, `zypper`
- KernelCare livepatch status (where applicable)

### CVE-2026-41940 (cPanel)
- cPanel & WHM version detection
- Comparison against patched versions
- `cpsrvd` service status
- Exposed ports (2082, 2083, 2086, 2087, 2095, 2096)
- Recent session file activity (IoC indicator)
- cPanel RPM integrity check

## Output

| File | Purpose |
|---|---|
| `/var/log/cve_check_2026_.log` | Full debug log |
| `/var/log/cve_check_2026_.report.txt` | Executive summary |

Falls back to `/tmp/` if `/var/log` is not writable.

## Exit Codes

| Code | Meaning |
|---|---|
| `0` | All clear or not applicable |
| `1` | Script error (not root, missing tools) |
| `2` | At least one CVE confirmed vulnerable |

Useful for automation and monitoring integration.

## Status Legend

| Status | Meaning |
|---|---|
| `SAFE` | Confirmed patched |
| `LIKELY_SAFE` | Probably safe; not confirmed in changelog |
| `MITIGATED` | Workaround applied (e.g., module blacklist) |
| `VULNERABLE` | Patch available, not applied |
| `VULNERABLE_EOL` | End-of-life version, no patch path |
| `NOT_APPLICABLE` | Software not installed |
| `UNKNOWN` | Could not determine automatically |

## Automation Examples

### Cron โ€” weekly check with email alerts

```bash
sudo tee /etc/cron.weekly/cve-check-2026 > /dev/null  "report_${host}_$(date +%F).txt" &
done
wait
```

## Security Notice

This script is **read-only** โ€” it only inspects the system and writes log files. It does **not**:

- Modify any system configuration
- Install or remove packages
- Restart services
- Reset passwords or credentials

Always review the script before piping `curl` to `bash`. View the source at:
https://github.com/sebinxavi/cve-checker-2026/blob/main/cve_check_2026.sh

## References

- [CVE-2026-31431 (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2026-31431)
- [CVE-2026-41940 (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2026-41940)
- [cPanel Security Advisory](https://support.cpanel.net/hc/en-us/articles/40073787579671)

## License

MIT โ€” see [LICENSE](LICENSE)

## Author

Sebin Xavi โ€” [sebintech.com](https://sebintech.com)