## https://sploitus.com/exploit?id=FFC454D1-5B30-59A4-A8DE-7C4C5D236F6A
# CVE-2026-41940 cPanel & WHM Verification Tool
This repository contains a Python verification script for `CVE-2026-41940`, a critical authentication bypass vulnerability disclosed in cPanel & WHM.
> This project is intended for authorized defensive validation only. It is not intended for exploit development, unauthorized access, or misuse against systems you do not own or administer.
## Official Advisory
Official cPanel security advisory:
- https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
Additional CVE record:
- https://nvd.nist.gov/vuln/detail/CVE-2026-41940
## CVE Details
`CVE-2026-41940` is a critical authentication bypass vulnerability in the cPanel & WHM login flow. The issue may allow an unauthenticated remote attacker to gain unauthorized access to the control panel.
- **CVE:** `CVE-2026-41940`
- **Affected products:** cPanel & WHM, including DNSOnly; WP Squared / WP2
- **Vulnerability type:** Authentication bypass
- **CWE:** `CWE-306` - Missing Authentication for Critical Function
- **CVSS v3.1:** `9.8 Critical`
- **CVSS v3.1 vector:** `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
- **Attack vector:** Network, no authentication required
- **Impact:** Unauthorized control panel access with high confidentiality, integrity, and availability impact
- **CISA KEV status:** Added to the CISA Known Exploited Vulnerabilities catalog
According to the cPanel advisory, the issue affects cPanel software versions after `11.40`. Affected systems should be updated to a patched release as soon as possible.
## Patched Versions
According to the official cPanel advisory, the following versions and later are patched:
- cPanel & WHM `11.86.0.41` and later
- cPanel & WHM `11.110.0.97` and later
- cPanel & WHM `11.118.0.63` and later
- cPanel & WHM `11.124.0.35` and later
- cPanel & WHM `11.126.0.54` and later
- cPanel & WHM `11.130.0.19` and later
- cPanel & WHM `11.132.0.29` and later
- cPanel & WHM `11.134.0.20` and later
- cPanel & WHM `11.136.0.5` and later
- WP Squared `136.1.7` and later
For CentOS 6 or CloudLinux 6 systems running `v110.0.50`, cPanel states that `v110.0.103` has also been released as a direct update.
## Contents
- `verify_cve2026_41940.py` - Python-based verification script for CVE-2026-41940
## Usage
Run the checker against a WHM target you are authorized to test:
```sh
python3 verify_cve2026_41940.py --target https://target.example.com:2087
```
Example:
```sh
python3 verify_cve2026_41940.py --target https://192.0.2.10:2087
```
A successful verification result indicates that the target may be affected by the vulnerability. A failed result may indicate that the target is patched, unreachable, or that the verification conditions were not met.
## Safe Update Steps
cPanel's official recommendation is to update affected servers immediately:
```sh
/scripts/upcp --force
```
After the update, verify the installed cPanel build and restart the cPanel service:
```sh
/usr/local/cpanel/cpanel -V
/scripts/restartsrv_cpsrvd --hard
```
If an immediate update is not possible, cPanel recommends temporary mitigations such as restricting inbound access to the relevant cPanel/WHM ports at the firewall or stopping affected services. Always follow the official advisory for the most accurate and current remediation guidance.
## Important Notes
- Use this tool only for authorized security testing, validation, and defensive operations.
- Do not run it against systems you do not own or where you do not have explicit permission.
- Before testing production systems, plan an appropriate maintenance window, logging, and backup process.
- If a system is affected, the priority should be patching and incident review rather than repeated verification.
## Disclaimer
This repository is provided for education, defensive validation, and authorized security research. Any unauthorized use, damage, or access attempt is the sole responsibility of the user.