Hacker News
CPanel Authentication Bypass CVE-2026-41940 — CVSS 9.8, Actively Exploited, ~1.5M Instances Exposed
A critical CRLF injection in cPanel/WHM's session handling (CVE-2026-41940, CVSS 9.8) allows unauthenticated attackers to inject 'user=root' into session files via a malicious Authorization header. Rapid7 identified ~1.5 million exposed cPanel instances online. Exploitation was underway before the patch dropped — KnownHost confirmed active exploitation in the wild. Emergency patches available for all supported versions. 111 points on HN.
↳ Follow the thread