EIP-2026-106220

PRE-CVE

cPanel and WHM 11.25 - 'failurl' HTTP Response Splitting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106220. PoCs published by Trancer.

AI-analyzed exploit summary: The exploit demonstrates an HTTP response-splitting vulnerability in cPanel and WHM by injecting malicious headers and JavaScript via the 'failurl' parameter. This allows attackers to manipulate HTTP responses, potentially leading to XSS or cookie manipulation.

Description

cPanel and WHM 11.25 - 'failurl' HTTP Response Splitting

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Trancer · text · webapps · php
https://www.exploit-db.com/exploits/33558

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel 11.25 and WHM 11.25
Authentication: No auth needed
Prerequisites: Access to the target cPanel/WHM login page
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026