cpanel: lightweight self-hosted alternative for tinkerers
CVE-2026-41940, disclosed on April 28, 2026, is an unauthenticated session-forgery vulnerability in cPanel and WHM. An attacker with no credentials can forge session tokens and impersonate authenticated users. On a shared hosting environment, that me...