Blog

Notes and technical write-ups from current research and framework work.

Apr 30, 2026 10 min read

cPanel/WHM Pre-auth Root Remote Code Execution

CVE-2026-41940. An unauthenticated attacker can chain four flaws in cPanel/WHM's session handling to obtain an interactive root shell over port 2087 in under ten seconds. We walk through each link in the chain, show the working PoC with a video demo, and give detection rules built from the forensic footprint.

Apr 22, 2026 3 min read

Plesk Advisor SQLi to Root Code Execution

Plesk Obsidian's Advisor extension ships with a SQL injection reachable by any authenticated user, including the lowest-privilege Customer account. We walk through the root cause -- a textbook concatenation bug behind an access control misconfiguration -- and what makes the psa database a particularly valuable target.