tag: Authentication-Bypass · 2 items
- Engineer — Plan: Starlette is widely used in Python ASGI applications; a host-header auth bypass with a public GitHub PoC is a real exposure for any service relying on host-based access control. EPSS is 0.01 and no KEV listing, so immediate emergency patching isn’t warranted, but you should upgrade Starlette to the patched version within your next patch window and audit any middleware that trusts the Host header for routing or authorization decisions.
- SOC/IR — Skip
- Leader — Skip
- Signals: CVE-2026-48710 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub
- Engineer — Act: cPanel/WHM is widely deployed by hosting providers and MSPs; CISA KEV listing plus EPSS 0.98 and public PoC confirm active exploitation risk. Patch to the vendor-released fixed version immediately and audit for signs of unauthorized access in cPanel/WHM logs.
- SOC/IR — Act: With a public PoC and KEV listing, opportunistic exploitation is underway — sweep for anomalous cPanel/WHM authentication events and unexpected admin account creation since the PoC publication date, and tune detections for unauthenticated access patterns on WHM ports.
- Leader — Plan: If your organization or any managed-hosting vendor uses cPanel/WHM, confirm patching status and request attestation this week; the KEV listing signals broad exploitation, but direct board escalation is warranted only if you host customer data on affected systems.
- Signals: CVE-2026-41940 — CISA KEV: listed, EPSS 0.98, public PoC on GitHub