Exploit- cPanel & WHM Auth Bypass CVE-2026-41940 · Sorry Ransomware.

A CRLF-injection chain in cPanel's session handler grants root WHM access from a handful of unauthenticated HTTP requests. Multiple actors are now deploying Sorry ransomware and Mirai variants across an exposed surface of roughly 1.5 million servers.

2026-05-07T09:58:00.822Z
Rudra Verma, Senior Security Architect & Researcher