<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Authentication-Bypass on CuraSec</title><link>https://curasec.metacog.co.kr/tags/authentication-bypass/</link><description>Recent content in Authentication-Bypass on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 11:56:34 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/authentication-bypass/index.xml" rel="self" type="application/rss+xml"/><item><title>cPanel/WHM Auth Bypass CVE-2026-41940 — KEV-listed, EPSS 0.98, PoC public</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-cpanel-and-whm-authentication-bypass-cve-2026-41940/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-cpanel-and-whm-authentication-bypass-cve-2026-41940/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Act:&lt;/strong> cPanel/WHM is widely deployed by hosting providers and MSPs; CISA KEV listing plus EPSS 0.98 and public PoC confirm active exploitation risk. Patch to the vendor-released fixed version immediately and audit for signs of unauthorized access in cPanel/WHM logs.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Act:&lt;/strong> With a public PoC and KEV listing, opportunistic exploitation is underway — sweep for anomalous cPanel/WHM authentication events and unexpected admin account creation since the PoC publication date, and tune detections for unauthenticated access patterns on WHM ports.&lt;/li>
&lt;li>&lt;strong>Leader — Plan:&lt;/strong> If your organization or any managed-hosting vendor uses cPanel/WHM, confirm patching status and request attestation this week; the KEV listing signals broad exploitation, but direct board escalation is warranted only if you host customer data on affected systems.&lt;/li>
&lt;li>&lt;strong>Signals:&lt;/strong> CVE-2026-41940 — CISA KEV: listed, EPSS 0.98, public PoC on GitHub&lt;/li>
&lt;/ul></description></item><item><title>CVE-2026-48710: Starlette Host-Header Auth Bypass, PoC Public</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-badhost-cve-2026-48710-starlette-host-header-auth-bypass/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-badhost-cve-2026-48710-starlette-host-header-auth-bypass/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Plan:&lt;/strong> Starlette is widely used in Python ASGI applications; a host-header auth bypass with a public GitHub PoC is a real exposure for any service relying on host-based access control. EPSS is 0.01 and no KEV listing, so immediate emergency patching isn&amp;rsquo;t warranted, but you should upgrade Starlette to the patched version within your next patch window and audit any middleware that trusts the Host header for routing or authorization decisions.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>Leader — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>Signals:&lt;/strong> CVE-2026-48710 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub&lt;/li>
&lt;/ul></description></item></channel></rss>