EIP-2026-104211

PRE-CVE

cPanel - HTTP Response Splitting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104211. PoCs published by Trancer.

AI-analyzed exploit summary This is a detailed technical writeup describing an HTTP Response Splitting vulnerability in cPanel and WHM versions 11.25 (up to build 42174). The vulnerability allows injection of CR and LF characters into the HTTP response header via the 'failurl' parameter, enabling attacks such as header injection, XSS, and open redirection.

Description

cPanel - HTTP Response Splitting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Trancer · textwebappsmultiple

https://www.exploit-db.com/exploits/11211

View Code ZIP pw:eip

This is a detailed technical writeup describing an HTTP Response Splitting vulnerability in cPanel and WHM versions 11.25 (up to build 42174). The vulnerability allows injection of CR and LF characters into the HTTP response header via the 'failurl' parameter, enabling attacks such as header injection, XSS, and open redirection.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: cPanel and WHM 11.25 (up to build 42174)

No auth needed

Prerequisites: Access to the cPanel login page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026