
cPanelSniper Exploit Released for Critical cPanel Bug, Mass Attacks Underway


The situation around the critical CVE-2026-41940 vulnerability has now escalated. What started as a serious security flaw has turned into a large-scale active threat after a weaponized exploit tool called cPanelSniper was released publicly.

The vulnerability affects cPanel and WebHost Manager (WHM). It allows attackers to bypass login and gain full root access to servers. With the release of cPanelSniper, this attack is now much easier to execute and can be automated.

The exploit framework was shared on GitHub by a security researcher. It is written in Python and does not need external dependencies. This makes it simple for attackers to use and deploy at scale.

The tool follows a four-step attack chain. It first creates a session without proper login, then injects malicious data into that session, activates it, and finally confirms full admin access. In simple terms, it tricks the system into thinking the attacker is already logged in as root.

The root cause of the issue lies in how cPanel handles login sessions. A flaw in its session handling allows attackers to inject special characters into session files before they are properly cleaned.

This lets attackers add values like user=root and tfa_verified=1 directly into the session. Once that happens, the system treats the attacker as a fully authenticated admin without needing a password.
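As an added illustration, not code from this article or from cPanel, here is a simplified model of the bug class described above: a key=value session store that writes a client-influenced value before cleaning it, next to the hardened writer and a file-level check a defender could run over stored sessions. The session format, the field names, and the use of a newline as the injected "special character" are all assumptions made for the example.

```python
import re

# Constructed, simplified model of a key=value session file for illustration.
# It is not cPanel's real session format, and using a newline as the injected
# "special character" is an assumption standing in for whatever the real bug abuses.

PRIVILEGED_KEYS = {"user", "tfa_verified"}   # set only by the server after login/2FA
CLIENT_FIELDS = {"locale", "ui_theme"}       # hypothetical fields a client may influence
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

# Constructed sample: an unauthenticated session plus one tainted client value.
PRE_AUTH_SESSION = {"user": "", "tfa_verified": "0", "locale": "en"}
TAINTED_LOCALE = "en\nuser=root\ntfa_verified=1"


def serialize_unsanitized(fields):
    """'Before' pattern: every value is written to the file exactly as received."""
    return "".join(f"{k}={v}\n" for k, v in fields.items())


def serialize_hardened(fields):
    """Fix: refuse any client-influenced value that is not a plain token, so a
    value can never carry an extra key=value line into the session file."""
    for k, v in fields.items():
        if k in CLIENT_FIELDS and not SAFE_VALUE.match(v):
            raise ValueError(f"rejected unsafe session value for {k!r}")
    return serialize_unsanitized(fields)


def parse_session(text):
    """Naive line-oriented reader (last occurrence of a key wins)."""
    session = {}
    for line in text.splitlines():
        if "=" in line:
            k, v = line.split("=", 1)
            session[k] = v
    return session


def find_duplicate_keys(text):
    """Defender check over a session file: the writer emits each key once, so a
    repeated key means extra lines were smuggled in through a value."""
    seen, dupes = set(), []
    for line in text.splitlines():
        k = line.split("=", 1)[0]
        if k in seen and k not in dupes:
            dupes.append(k)
        seen.add(k)
    return dupes


def is_privileged(session):
    """What the application would conclude from the parsed session."""
    return session.get("user") == "root" and session.get("tfa_verified") == "1"
```

With the unsanitized writer the tainted value turns a pre-auth session into one the reader accepts as root with 2FA satisfied; the hardened writer rejects the value, and the duplicate-key check flags the written file either way.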

This is not a theoretical risk. Real-world attacks have already been confirmed. Security data shows around 44,000 IP addresses are actively scanning and attacking servers. Exploitation has been happening since February 2026, long before the patch.

Attacks include ransomware, website defacement, and botnet activity. Millions of servers are exposed on the internet, and a large number of them were vulnerable before patches were released.

cPanel has already released patches across all supported versions. However, systems that are not updated remain fully exposed. Even worse, because exploitation began months ago, some servers may already have been compromised without their owners knowing.
