VDB

GCVE-110-NCSC-2026-130

GCVE-110-NCSC-2026-130
Advisory PublishedCVSS 9.8/10
Vulnetix · Advisory published April 30, 2026
cPanel and WHM versions prior to specified releases, including those after 11.40, contain an authentication bypass vulnerability via CRLF injection in session files and login flow, allowing unauthenticated attackers to gain root-level control panel access.

Weaknesses (CWE)

CWE-306Missing Authentication for Critical Function

Risk Scores

CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
cPanelvers:unknown/*

References

advisory
advisory
advisory

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›