Cve 2026 41940

Go-based Sorry ransomware exploits cPanel auth bypass CVE-2026-41940, encrypting files with ChaCha20/RSA-2048. 44,000+ IPs compromised as attackers demand Tox ransom.

Critical CVSS 9.8 flaw in cPanel/WHM allowed attackers to bypass authentication via CRLF injection. Exploits confirmed in the wild before emergency patches.