{"uuid": "3ef6958e-5e13-483a-8034-400190113049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/thehackernews/8903", "content": "\u26a0\ufe0f UPDATE: #cPanel flaw now tracked as CVE-2026-41940 (CVSS 9.8)\u2014an auth bypass granting unauthenticated admin access.\n\nActively exploited as a 0-day for weeks. Root cause: CRLF injection lets attackers forge sessions and escalate to root.\n\n\ud83d\udd17 Exploit mechanics and real-world impact \u2192 https://thehackernews.com/2026/04/critical-cpanel-authentication.html", "creation_timestamp": "2026-04-30T08:54:20.000000Z"}