EIP-2026-104212

PRE-CVE

cPanel - Multiple Cross-Site Request Forgery Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104212. PoCs published by SecurityRules.

AI-analyzed exploit summary This exploit demonstrates a CSRF (Cross-Site Request Forgery) vulnerability in cPanel by automatically submitting forms to create a database and add a redirect. The HTML forms are pre-configured to submit to a target cPanel instance, leveraging the victim's session if authenticated.

Description

cPanel - Multiple Cross-Site Request Forgery Vulnerabilities

Exploits (1)

exploitdb WORKING POC
by SecurityRules · htmlwebappsmultiple
https://www.exploit-db.com/exploits/11527

This exploit demonstrates a CSRF (Cross-Site Request Forgery) vulnerability in cPanel by automatically submitting forms to create a database and add a redirect. The HTML forms are pre-configured to submit to a target cPanel instance, leveraging the victim's session if authenticated.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: cPanel (version not specified)
Auth required
Prerequisites: Victim must be authenticated to the target cPanel instance · Attacker must trick the victim into visiting a malicious page hosting this HTML
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026