{"uuid": "47c4540f-112c-4d57-8578-1bcf47764e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/brutsecurity/2750", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\nCRITICAL auth bypass in cPanel &amp; WHM (CVSS 10.0)\n\nZero credentials \u2192 Full root WHM access via CRLF injection + session file poisoning.\n\n~70 million domains affected.\n\n### Exploit Chain (4 stages):\n1. Pre-auth session minting  \n2. CRLF injection via Authorization header  \n3. do_token_denied gadget (raw \u2192 cache flush)  \n4. /json-api/version \u2192 PWNED\n\nWhat you get:\n- \u2705 Interactive WHM root shell  \n- \u2705 Account enumeration  \n- \u2705 Command execution  \n- \u2705 Backdoor admin creation  \n- \u2705 Ready for bulk scanning (stdlib only, no extra deps)\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-10T00:00:11.606841Z"}