{"cve_id":"CVE-2026-41940","title":"cPanel & WHM - Authentication Bypass via Session-File CRLF Injection","severity":"CRITICAL","actively_exploited":true,"patterns":["/login/?login_only=1"],"events":186,"unique_ips":52,"actors":[{"ip":"45.198.224.5","events":60,"country_code":"US","country":"United States","org":"Vpsvault.host Ltd","rdns":"","scanner_tag":null},{"ip":"52.146.20.92","events":7,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"138.68.65.59","events":6,"country_code":"DE","country":"Germany","org":"DigitalOcean, LLC","rdns":"","scanner_tag":null},{"ip":"213.238.176.22","events":5,"country_code":"TR","country":"Türkiye","org":"Earth Telekomunikasyon Bilisim Internet Arge Yazilim Hizmetleri Tic. Ltd. Sti.","rdns":"","scanner_tag":null},{"ip":"47.251.42.6","events":5,"country_code":"US","country":"United States","org":"Alibaba (US) Technology Co., Ltd.","rdns":"","scanner_tag":null},{"ip":"172.105.7.45","events":4,"country_code":"CA","country":"Canada","org":"Akamai Connected Cloud","rdns":"172-105-7-45.ip.linodeusercontent.com","scanner_tag":{"key":"linode","label":"Linode (Akamai)","category":"hosting_provider","url":"https://www.linode.com/"}},{"ip":"103.120.189.68","events":4,"country_code":"IN","country":"India","org":"Netstra Communications Pvt Ltd","rdns":"node10312018968.netstra.net","scanner_tag":null},{"ip":"67.225.140.37","events":3,"country_code":"US","country":"United States","org":"Liquid Web, L.L.C","rdns":"upl.uplms.com","scanner_tag":null},{"ip":"20.171.20.53","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"50.116.72.42","events":3,"country_code":"US","country":"United States","org":"Network Solutions, LLC","rdns":"ren.rentalla.com","scanner_tag":null},{"ip":"4.236.164.160","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"135.232.232.91","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"64.236.153.97","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"20.169.74.16","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"40.76.181.213","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"20.109.38.225","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"52.148.5.50","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"20.163.63.247","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"20.119.41.196","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"13.71.231.36","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"68.154.116.115","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"161.35.3.45","events":3,"country_code":"US","country":"United States","org":"DigitalOcean, LLC","rdns":"","scanner_tag":null},{"ip":"161.132.53.68","events":3,"country_code":"PE","country":"Peru","org":"Red Cientifica Peruana","rdns":"","scanner_tag":null},{"ip":"172.215.239.51","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"52.161.201.84","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"40.81.230.77","events":3,"country_code":"IN","country":"India","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"68.220.61.183","events":3,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"172.184.210.38","events":2,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"8.231.143.188","events":2,"country_code":"US","country":"United States","org":"Google LLC","rdns":"188.143.231.8.bc.googleusercontent.com","scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"}},{"ip":"35.200.191.248","events":2,"country_code":"IN","country":"India","org":"Google LLC","rdns":"248.191.200.35.bc.googleusercontent.com","scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"}},{"ip":"118.139.167.102","events":2,"country_code":"SG","country":"Singapore","org":"GoDaddy.com, LLC","rdns":"102.167.139.118.host.secureserver.net","scanner_tag":null},{"ip":"52.173.162.101","events":2,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"68.178.167.214","events":2,"country_code":"US","country":"United States","org":"GoDaddy.com, LLC","rdns":"214.167.178.68.host.secureserver.net","scanner_tag":null},{"ip":"210.217.42.139","events":2,"country_code":"KR","country":"South Korea","org":"Korea Telecom","rdns":"","scanner_tag":null},{"ip":"64.227.160.35","events":2,"country_code":"IN","country":"India","org":"DigitalOcean, LLC","rdns":"","scanner_tag":null},{"ip":"206.81.4.2","events":2,"country_code":"US","country":"United States","org":"DigitalOcean, LLC","rdns":"","scanner_tag":null},{"ip":"13.83.162.33","events":2,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"40.65.222.177","events":1,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"108.61.87.118","events":1,"country_code":"US","country":"United States","org":"The Constant Company, LLC","rdns":"108.61.87.118.vultrusercontent.com","scanner_tag":{"key":"vultr","label":"Vultr","category":"hosting_provider","url":"https://www.vultr.com/"}},{"ip":"162.144.121.110","events":1,"country_code":"US","country":"United States","org":"Unified Layer","rdns":"nem.nemm.us","scanner_tag":null},{"ip":"70.32.94.153","events":1,"country_code":"US","country":"United States","org":"GoDaddy.com, LLC","rdns":"gkhl-dtly.accessdomain.com","scanner_tag":null},{"ip":"77.72.5.164","events":1,"country_code":"GB","country":"United Kingdom","org":"Krystal Hosting Ltd","rdns":"328234838193491-cloud.co.uk","scanner_tag":null},{"ip":"13.72.110.24","events":1,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"172.215.216.210","events":1,"country_code":"US","country":"United States","org":"Microsoft Corporation","rdns":"","scanner_tag":null},{"ip":"182.200.56.98","events":1,"country_code":"CN","country":"China","org":"Chinanet","rdns":"","scanner_tag":null},{"ip":"212.132.105.176","events":1,"country_code":"DE","country":"Germany","org":"IONOS SE","rdns":"ip212-132-105-176.pbiaas.com","scanner_tag":null},{"ip":"75.119.155.143","events":1,"country_code":"FR","country":"France","org":"Contabo GmbH","rdns":"vmi643736.contaboserver.net","scanner_tag":{"key":"contabo","label":"Contabo","category":"hosting_provider","url":"https://contabo.com/"}},{"ip":"191.6.5.178","events":1,"country_code":"BR","country":"Brazil","org":"Altatech Solucoes em Tecnologia EIRELI","rdns":"atena.hostagil.com.br","scanner_tag":null},{"ip":"42.96.4.94","events":1,"country_code":"VN","country":"Vietnam","org":"Bach Kim Network solutions Join stock company","rdns":"115827epyc","scanner_tag":null},{"ip":"158.180.87.26","events":1,"country_code":"KR","country":"South Korea","org":"Oracle Corporation","rdns":"","scanner_tag":null}],"top_asns":[{"asn":8075,"org":"Microsoft Corporation","events":65,"ips":24},{"asn":215925,"org":"Vpsvault.host Ltd","events":57,"ips":1},{"asn":14061,"org":"DigitalOcean, LLC","events":13,"ips":4},{"asn":41683,"org":"Earth Telekomunikasyon Bilisim Internet Arge Yazilim Hizmetleri Tic. Ltd. Sti.","events":5,"ips":1},{"asn":45102,"org":"Alibaba (US) Technology Co., Ltd.","events":5,"ips":1},{"asn":63949,"org":"Akamai Connected Cloud","events":4,"ips":1},{"asn":26496,"org":"GoDaddy.com, LLC","events":4,"ips":2},{"asn":396982,"org":"Google LLC","events":4,"ips":2},{"asn":137654,"org":"Netstra Communications Pvt Ltd","events":4,"ips":1},{"asn":3132,"org":"Red Cientifica Peruana","events":3,"ips":1}],"fingerprints":{"ja4h":["po11nr08en_afee2b7712a5","po11nn0700_fb204b7f5765","po11nn0500_9a13ab48ac23","po11nn0500_b4ba55311b46","po11nn0600_f8bf768a441b","po11nn0700_6de35b897fc1"],"ja4":["t13i3112h1_e8f1e7e78f70_89992bd7bbd7","t13i131000_f57a46bbacb6_e5728521abd4","t13i311000_e8f1e7e78f70_d41ae481755e","t13i130900_f57a46bbacb6_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"]},"sample_paths":["/___proxy_subdomain_whm/login/?login_only=1","/login/?login_only=1"],"timeline":[{"day":"2026-06-24","events":17,"ips":8},{"day":"2026-06-25","events":32,"ips":14},{"day":"2026-06-26","events":17,"ips":9},{"day":"2026-06-27","events":32,"ips":16},{"day":"2026-06-28","events":32,"ips":13},{"day":"2026-06-29","events":20,"ips":8},{"day":"2026-06-30","events":26,"ips":11},{"day":"2026-07-01","events":10,"ips":6}],"window_hours":168}