Post #8903

@thehackernews

The Hacker News

Views8,780Post view count

PostedApr 3004/30/2026, 07:56 AM

Post content

⚠️ UPDATE: #cPanel flaw now tracked as CVE-2026-41940 (CVSS 9.8)—an auth bypass granting unauthenticated admin access. Actively exploited as a 0-day for weeks. Root cause: CRLF injection lets attackers forge sessions and escalate to root. 🔗 Exploit mechanics and real-world impact → https://thehackernews.com/2026/04/critical-cpanel-authentication.html