THL CVE-2026-41940 Operator Flask C2 Dashboard - Werkzeug/3.1.8 Banner with /login-2fa Redirect

SID: 3500059Rev: 2Enabled1 views
History
Filehunters-ledger.rules
CreatedMay 6, 2026
UpdatedJuly 13, 2026
Classificationtrojan-activity
alert http any any -> any any (msg:"THL CVE-2026-41940 Operator Flask C2 Dashboard - Werkzeug/3.1.8 Banner with /login-2fa Redirect"; flow:established,to_client; http.server; content:"Werkzeug/3.1.8 Python/3.13.12"; endswith; nocase; http.header; content:"Location|3a 20|/login-2fa"; nocase; reference:url,the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/; classtype:trojan-activity; sid:3500059; rev:2; metadata:author The_Hunters_Ledger, date 2026-05-17, reference https://the-hunters-ledger.com/hunting-detections/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517-detections/;)

Metadata

authorThe_Hunters_Ledger
date2026-05-17
referencehttps://the-hunters-ledger.com/hunting-detections/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517-detections/

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!