cPanel & WHM - Authentication Bypass via Session-File CRLF Injection CVE-2026-41940
- Severity
- Vulnerability description
- Not available
- Risk description
- Not available
- Recommendation
- Not available
- References
- https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.pyhttps://hadrian.io/blog/cve-2026-41940-a-critical-authentication-bypass-in-cpanelhttps://nvd.nist.gov/vuln/detail/CVE-2026-41940
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Nuclei
- Cisa Kev
Yes- Exploitable with Sniper
- No
- CVE Published
- Apr 29, 2026
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available
Detect & validate this vulnerability
Go beyond surface scans. Get real validation with proprietary tools designed to prove what’s exploitable in your environment.