THL CVE-2026-41940 cPanel WHM CRLF Auth Bypass Attempt - Control Char in Authorization Basic - Suricata Rule 1900049 (hunters-ledger)

THL CVE-2026-41940 cPanel WHM CRLF Auth Bypass Attempt - Control Char in Authorization Basic

SID: 1900049Rev: 1Enabled2 views

Filehunters-ledger.rules

CreatedJune 25, 2026

UpdatedJune 25, 2026

Classificationweb-application-attack

alert http any any -> any any (msg:"THL CVE-2026-41940 cPanel WHM CRLF Auth Bypass Attempt - Control Char in Authorization Basic"; flow:established,to_server; content:"Authorization|3a 20|Basic "; http_header; pcre:"/Authorization:\s*Basic\s+[A-Za-z0-9+\/=]*(?:\x00|\x0a|\x0d|%00|%0a|%0d|%0A|%0D)/Hi"; reference:cve,2026-41940; reference:url,the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/; classtype:web-application-attack; sid:1900049; rev:1;)

References

cve	2026-41940
url	the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!