VDB
GCVE-110-NCSC-2026-130
GCVE-110-NCSC-2026-130
Advisory PublishedCVSS 9.8/10
cPanel and WHM versions prior to specified releases, including those after 11.40, contain an authentication bypass vulnerability via CRLF injection in session files and login flow, allowing unauthenticated attackers to gain root-level control panel access.
Weaknesses (CWE)
CWE-306Missing Authentication for Critical Function
Risk Scores
CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| cPanel | vers:unknown/* | — | — |
Aliases
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.