CVE report

CVE-2026-41940 | CRITICAL | KEV

cPanel & WHM - Authentication Bypass via Session-File CRLF Injection

Events 7d: 133

Distinct IPs: 56

Severity: CRITICAL

CISA KEV: Actively exploited

Daily probe volume (last 7 days)

peak: 33
  • 2026-05-14: 7 events
  • 2026-05-15: 19 events
  • 2026-05-16: 26 events
  • 2026-05-17: 33 events
  • 2026-05-18: 25 events
  • 2026-05-19: 19 events
  • 2026-05-20: 2 events
  • 2026-05-21: 2 events

Top sources probing for CVE-2026-41940

URL patterns we match

An event counts toward CVE-2026-41940 if its URL path contains any of these substrings (case-insensitive).

  • /login/?login_only=1