21 matches found
cPanel - CRLF Injection
Exploit Title: cPanel 11.40 - CRLF Injection Author: nu11secur1tyAI Date: 2026-04-30 Vendor: cPanel, L.L.C. Software: cPanel & WHM cpsrvd Reference: CVE-2026-41940 / watchTowr-2026-01 Description: A critical authentication bypass vulnerability exists in the cPanel/WHM cpsrvd daemon due to improper...
cPanel/WHM CRLF Injection Authentication Bypass RCE
Exploits CVE-2026-41940, a CRLF injection in cPanel/WHM's cpsrvd daemon that allows unauthenticated remote code execution as root. The Basic-auth handler writes the password to the raw session file without stripping newlines. Omitting the ob-part of the session cookie bypasses the encoder, so...
CPanel/WHM CRLF Injection / Authentication Bypass / Remote Code Execution
This Metasploit module exploits CVE-2026-41940, a CRLF injection in cPanel/WHM's cpsrvd daemon that allows unauthenticated remote code execution as root. The Basic-auth handler writes the password to the raw session file without stripping newlines. Omitting the ob-part of the session cookie bypass...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2016-10789
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...
EUVD-2016-1783
Malware in sbrugna...
CVE-2023-29489
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31...
CVE-2023-29489
CVE-2023-29489 affects cPanel before 11.109.9999.116, with XSS on the cpsrvd error page triggered by an invalid webcall ID (SEC-669). The impact is execution of malicious scripts in the browser, as described, and the vulnerability is graded MEDIUM (CVSS v3.1). Fixed versions are 11.109.9999.116, 1...
PT-2023-2904
Name of the Vulnerable Software and Affected Versions: cPanel versions prior to 11.109.9999.116; cPanel versions prior to 11.108.0.13; cPanel versions prior to 11.106.0.18; cPanel versions prior to 11.102.0.31. Description: A reflected Cross-Site Scripting (XSS) vulnerability was discovered in cPanel...
cPanel Remote Code Execution Vulnerability (CNVD-2020-18555)
cPanel is a Web-based hosting control management system from U.S.-based cPanel. A remote code execution vulnerability exists in cPanel versions prior to 84.0.20. The vulnerability can be exploited to achieve remote code execution via the cpsrvd rsync shell using a demo account...
CVE-2020-10120
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell SEC-545...
Remote code execution
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell SEC-545...
CVE-2020-10120
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell SEC-545...
cPanel Input Validation Error Vulnerability (CNVD-2019-27600)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 60.0.25. The vulnerability can be exploited by an attacker to execute...
CVE-2016-10789
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...
CVE-2016-10789
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...
Code injection
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...
CVE-2016-10789
CVE-2016-10789 affects cPanel prior to 60.0.25. The cpsrvd 403 error response handler can be exploited to achieve code execution (SEC-191). Multiple connected sources corroborate this vulnerability entry. Impact is high if exploited; remediation is to upgrade to 60.0.25 or later (i.e., non-vulner...
cPanel Input Validation Error Vulnerability (CNVD-2019-29621)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 11.54.0.4. The vulnerability can be exploited by an attacker to execu...
CVE-2016-10855
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd SEC-91...