THL CVE-2026-41940 Operator Flask C2 Dashboard - Werkzeug/3.1.8 Banner with /login-2fa Redirect
Sourcehunters-ledger
Filehunters-ledger.rules
CreatedMay 6, 2026
UpdatedJuly 13, 2026
Classificationtrojan-activity
alert http any any -> any any (msg:"THL CVE-2026-41940 Operator Flask C2 Dashboard - Werkzeug/3.1.8 Banner with /login-2fa Redirect"; flow:established,to_client ; http.server; content:"Werkzeug/3.1.8 Python/3.13.12"; endswith; nocase; http.header; content:"Location|3a 20|/login-2fa"; nocase; reference:url,the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/ ; classtype:trojan-activity; sid:3500059; rev:2; metadata:author The_Hunters_Ledger, date 2026-05-17, reference https://the-hunters-ledger.com/hunting-detections/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517-detections/ ;)
References
Metadata
authorThe_Hunters_Ledger
date2026-05-17
referencehttps://the-hunters-ledger.com/hunting-detections/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517-detections/
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!