Vulnerabilities | May 2, 2026

‼️ cPanelSniper: CVE-2026-41940 - cPanel & WHM Authentication Bypass via Session-File CRLF In...

CVE-2026-41940: cPanel & WHM authentication bypass via session-file CRLF injection disclosed.

Summary

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM has been disclosed, exploitable through CRLF injection in session files. The exploit includes a 4-stage attack chain, an interactive WHM shell, and a bulk scanner tool published on GitHub. This vulnerability allows attackers to bypass authentication mechanisms and gain unauthorized access to hosting control panels.

Indicators of Compromise

  • cve — CVE-2026-41940
  • malware — cPanelSniper

Entities

  • cPanel & WHM (product)
  • cPanelSniper (campaign)