• 'The Internet is falling down': Critical cPanel CRLF injection vu

    From TechnologyDaily@1337:1/100 to All on Thursday, April 30, 2026 17:15:27
    'The Internet is falling down': Critical cPanel CRLF injection vulnerability puts tens of millions of websites at risk of total compromise hosting providers urged to apply CVE-2026-41940 patch immediately

    Date:
    Thu, 30 Apr 2026 16:05:00 +0000

    Description:
    A new critical severity vulnerability can give attackers full control over
    WHM servers, allowing them to steal data, upload malware, and delete websites.

    FULL STORY ======================================================================

    - New critical severity vulnerability allows for authentication bypass
    - The vulnerability affects cPanel and WebHost Manager
    - Attackers can gain full root administrator privileges over any server

    Researchers at watchTowr Labs have dissected a critical authentication bypass in cPanel and Web Host Manager (WHM) that allows remote attackers to gain full admin access over servers upon which much of the internet relies.

    The vulnerability, tracked as CVE-2026-41940 and given a near-top severity score of 9.8, has been exploited in the wild, as confirmed by KnownHost. A patch for the vulnerability has been released and administrators are urged to apply it immediately.

    For those not aware, cPanel is a layer of software that essentially acts as the control panel for a website. Rather than using code, cPanel is the button that allows you to update some text or upload a file onto a website. cPanel is also where the layout and data of your website are stored. WHM, on the other hand, is what handles every website at the server level.

    The crux of the vulnerability lies in the attacker forging an authenticated session without requiring a password. This provides the attacker with root level access to WHM, and therefore access to every website, database, and
    user account hosted on that particular server.

    From here, there are many options for an attacker. They could steal all of your website and user data, upload malware - or they could simply delete everything on the server.

    As explained by watchTowr Labs (in their characteristic quirky format), the exploit relies on the attacker using CRLF (Carriage Return Line Feed) to inject a new line of code into the cPanel Logbook that bypasses session file encryption and establishes the attacker as the root administrator, giving the attacker access to the WHM admin panel and therefore access to the server. (If you want an even more technical breakdown, see the watchTowr Labs report.)

    The patch for the vulnerability has also added a new sanitization function that scrubs any data you send to the server, preventing new lines of code
    from being snuck in.
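    To make the "new line snuck in" mechanism and the fix concrete, here is an added toy example (not cPanel's code and not the watchTowr write-up) of a line-oriented key=value record store, with a hypothetical `sanitize` helper of the kind the patch description mentions and a `contains_crlf` check a defender can use to flag such input before it is written:

```python
# Added example, not cPanel's code: a toy session record store where each
# field is one "key=value" line. It shows why an unscrubbed CR/LF in a value
# lets an extra field appear, and how stripping CR/LF neutralizes that.
# All names (sanitize, contains_crlf, write_record, parse_records) are
# hypothetical and exist only for this illustration.
import re

_CRLF = re.compile(r"[\r\n]")


def sanitize(value: str) -> str:
    """Remove carriage returns and line feeds so a value can never end a line."""
    return _CRLF.sub("", value)


def contains_crlf(value: str) -> bool:
    """Detection helper: true if the input tries to carry a line break."""
    return _CRLF.search(value) is not None


def write_record(user: str, role: str, sanitizer=None) -> str:
    """Serialize one record as two lines, scrubbing values when a sanitizer is given."""
    if sanitizer is not None:
        user, role = sanitizer(user), sanitizer(role)
    # The role line is written first; the user value is written last.
    return f"role={role}\nuser={user}\n"


def parse_records(blob: str) -> dict:
    """Parse key=value lines; a later duplicate key overrides an earlier one."""
    out = {}
    for line in blob.splitlines():
        if "=" in line:
            key, val = line.split("=", 1)
            out[key.strip()] = val.strip()
    return out


# Constructed sample input: a username value that smuggles a line break and a
# second "role" field behind it.
TAINTED_USER = "guest\r\nrole=root"


def parsed_role(sanitized: bool) -> str:
    """Role that the reader side sees for TAINTED_USER, with or without scrubbing."""
    fn = sanitize if sanitized else None
    return parse_records(write_record(TAINTED_USER, "user", fn))["role"]
```

Without scrubbing, the smuggled line overrides the role field on read; with scrubbing, the whole tainted value stays inside the single user line and the role field is unaffected.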

    For administrators, cPanel recommends updating to the following versions:

    cPanel & WHM 110.0.x - patched in 11.110.0.97 (was 11.110.0.96)
    cPanel & WHM 118.0.x - patched in 11.118.0.63 (was 11.118.0.61)
    cPanel & WHM 126.0.x - patched in 11.126.0.54 (was 11.126.0.53)
    cPanel & WHM 132.0.x - patched in 11.132.0.29 (was 11.132.0.27)
    cPanel & WHM 134.0.x - patched in 11.134.0.20 (was 11.134.0.19)
    cPanel & WHM 136.0.x - patched in 11.136.0.5 (was 11.136.0.4)




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/the-internet-is-falling-down-critical-cpanel-crlf-injection-vulnerability-puts-tens-of-millions-of-websites-at-risk-of-total-compromise-hosting-providers-urged-to-apply-cve-2026-41940-patch-immediately


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)