6 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2026-31431 is a local privilege escalation vulnerability in the Linux kernel crypto subsystem, specifically in the algif_aead implementation used by the AF_ALG interface.
The flaw is caused by unsafe handling of in-place operations where source and destination buffers originate from different memory mappings. This condition can be abused by a local attacker to manipulate memory behavior within the kernel.
Successful exploitation may allow an unprivileged user to escalate privileges to root, leading to full system compromise, modification of system state, and potential disabling of security controls.
Public proof-of-concept exploit code is available.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Authentication Bypass Vulnerability in cPanel & WHM
Identifier: CVE-2026-41940
CVSS Score: 9.8 (Critical, CVSS v3.1)
PoC or Exploitation:
Public proof-of-concept exploit code is available and exploitation in the wild has been observed.
Update/ Patch:
cPanel has released fixes for this vulnerability.
Affected versions include:
cPanel & WHM versions after 11.40
Fixed versions include:
- cPanel & WHM 11.86.0.41
- cPanel & WHM 11.110.0.97
- cPanel & WHM 11.118.0.63
- cPanel & WHM 11.126.0.54
- cPanel & WHM 11.130.0.19
- cPanel & WHM 11.132.0.29
- cPanel & WHM 11.134.0.20
- cPanel & WHM 11.136.0.5
- WP Squared 136.1.7
cPanel advisory and patch guidance:
Description:
CVE-2026-41940 is an authentication bypass vulnerability in cPanel & WHM caused by missing authentication controls in the login flow.
An attacker can exploit this vulnerability over a network without authentication by sending crafted requests to the affected system. Successful exploitation may allow unauthorized access to the control panel without valid credentials.
Mitigation Recommendation:
Immediately upgrade cPanel & WHM to the latest fixed versions provided by cPanel.
Prioritize patching internet-facing systems and externally accessible control panel interfaces.
Restrict access to administrative interfaces to trusted networks where possible.
Monitor logs for suspicious authentication activity, unauthorized access attempts, or abnormal administrative actions.
Conduct threat hunting on affected systems, especially where exposure existed prior to patching, and review for indicators of compromise.
