whatisgithub

What is cve-2026-41940-poc?

olofsatte/cve-2026-41940-poc — explained in plain English

Analysis updated 2026-06-24

18PythonAudience · developerComplexity · 2/5Setup · easy

In one sentence

A Python proof-of-concept showing a CVSS 10.0 authentication bypass in cPanel and WHM web hosting control panels, where an attacker can gain full admin access without any credentials by exploiting a session pre-initialization flaw. For authorized security research only.

Mindmap

mindmap
  root((repo))
    What It Does
      Bypass cPanel login
      Gain admin access
      Read files run commands
    How It Works
      Session pre-init flaw
      Crafted Auth header
      Server-side file write
    Tool Features
      Single target mode
      Bulk target list mode
      Post-access shell
    Scope
      Security research
      Bug bounty programs
      Authorized testing only
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Test whether your own cPanel or WHM server is vulnerable to CVE-2026-41940 before applying the vendor patch.

USE CASE 2

Use in an authorized bug bounty engagement against cPanel-hosted infrastructure to confirm and document the authentication bypass.

USE CASE 3

Study how session pre-initialization flaws in web control panels can be exploited to understand this class of server-side vulnerability.

USE CASE 4

Run against a lab environment to practice detection and incident response for unauthorized admin session access.

What is it built with?

Python

How does it compare?

olofsatte/cve-2026-41940-pocandyuneducated/resolve-aicarriex6/cvpr2026_similarity_as_evidence
Stars181818
LanguagePythonPythonPython
Setup difficultyeasyhardhard
Complexity2/54/54/5
Audiencedeveloperdeveloperresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Only run against systems you own or have explicit written authorization to test, unauthorized use is illegal in most jurisdictions.

So what is it?

CVE-2026-41940-PoC is a Python tool that demonstrates a critical authentication bypass vulnerability in cPanel and WHM, two widely used web hosting control panel platforms. The vulnerability is rated CVSS 10.0, the highest severity score, meaning an attacker can gain full administrative access to a server without providing any credentials at all. The flaw works by exploiting how cPanel and WHM handle login sessions. The server creates and partially initializes a session before fully checking whether the user has valid credentials. By sending crafted input through the Authorization header, an attacker can manipulate how session data is written to server-side files, ultimately tricking the system into treating the request as authenticated. The tool, written as a Python script, accepts a target URL and can test a single server or work through a list of targets in parallel. Once the bypass succeeds, it provides post-access commands for reading files, executing operating system commands, listing hosted accounts, changing the root password, and opening an interactive shell. Six version ranges of cPanel and WHM are listed as affected, with specific patch versions identified for each. The README states the tool is created solely for educational purposes and bug bounty programs, and that unauthorized use outside of controlled environments is prohibited. Bug bounty programs are schemes where software vendors pay security researchers to find and report vulnerabilities before malicious actors do. This is a security research repository. Running it against systems you do not own or have explicit written permission to test is illegal in most jurisdictions.

Copy-paste prompts

Prompt 1
I have written permission to test a cPanel server. Walk me through running the CVE-2026-41940 PoC script against it and interpreting the output.
Prompt 2
Explain the session pre-initialization flaw in cPanel and WHM that CVE-2026-41940 exploits and what a secure session creation flow would look like instead.
Prompt 3
What WAF rules or server-side detections would catch an attempt to exploit CVE-2026-41940 via a crafted Authorization header?
Prompt 4
List the specific patched versions for each affected cPanel and WHM release that fix CVE-2026-41940 so I can verify my server is protected.

Frequently asked questions

What is cve-2026-41940-poc?

A Python proof-of-concept showing a CVSS 10.0 authentication bypass in cPanel and WHM web hosting control panels, where an attacker can gain full admin access without any credentials by exploiting a session pre-initialization flaw. For authorized security research only.

What language is cve-2026-41940-poc written in?

Mainly Python. The stack also includes Python.

How hard is cve-2026-41940-poc to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is cve-2026-41940-poc for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.