CVE report
CVE-2026-41940CRITICALKEV
cPanel & WHM - Authentication Bypass via Session-File CRLF Injection
Events 7d
133
Distinct IPs
56
Severity
CRITICAL
CISA KEV
Actively exploited
Daily probe volume (last 7 days)
peak: 33Downloads & integrations
Top sources probing for CVE-2026-41940
- 45.198.224.47 eventsSweden
- 60.48.52.1196 eventsMalaysia· TM TECHNOLOGY SERVICES SDN. BHD.
- 78.159.131.566 eventsAlbania· Global Connectivity Solutions Llp
- 178.255.72.1026 eventsItaly· Logica S.r.l.
- 210.217.42.1395 eventsSouth Korea· Korea Telecom
- 146.90.69.1905 eventsUnited Kingdom· British Telecommunications PLC
- 138.68.65.595 eventsGermany· DigitalOcean, LLC
- 66.198.225.214 eventsUnited States
- 168.119.166.2094 eventsGermany
- 135.181.7.2344 eventsFinland
- 103.120.189.684 eventsIndia· Netstra Communications Pvt Ltd
- 102.69.167.144 eventsTanzania· Flashnet-Technologies-Limited
- 85.215.219.1263 eventsGermany· IONOS SE
- 174.138.179.1983 eventsUnited States· Interserver, Inc
- 92.205.232.883 eventsGermany· Host Europe GmbH
- 68.178.167.2143 eventsUnited States· GoDaddy.com, LLC
- 45.148.10.2153 eventsNetherlands· Techoff Srv Limited
- 5.189.169.583 eventsFrance· Contabo GmbH
- 185.177.238.463 eventsAlbania· Global Connectivity Solutions Llp
- 20.203.102.603 eventsUnited Arab Emirates· Microsoft Corporation
- 66.165.235.1942 eventsUnited States· HIVELOCITY, Inc.
- 134.209.97.1942 eventsSingapore· DigitalOcean, LLC
- 111.229.167.182 eventsChina· Shenzhen Tencent Computer Systems Company Limited
- 188.132.130.92 eventsTürkiye· Pembe Gul Isguzar Karagoz
- 165.231.215.42 eventsSlovakia· Orion Network Limited
- 198.50.239.952 eventsCanada· OVH SAS
- 50.6.19.1872 eventsUnited States· Oracle Corporation
- 143.244.199.862 eventsNetherlands· DigitalOcean, LLC
- 50.116.72.422 eventsUnited States· Network Solutions, LLC
- 203.175.125.1532 eventsIndonesia· PT Trisari Data Indonusa
URL patterns we match
An event counts toward CVE-2026-41940 if its URL path contains any of these substrings (case-insensitive).
- · /login/?login_only=1