Unfold-Security/CVE-2026-41940-Detection
GitHub: Unfold-Security/CVE-2026-41940-Detection
SIGMA detection rules and log ingestion configuration for Splunk and Microsoft Sentinel, covering the cPanel/WHM authentication bypass vulnerability CVE-2026-41940.
# CVE-2026-41940 Detection
Detection rules and log patterns for the cPanel/WHM authentication bypass (CVE-2026-41940), provided by Unfold Security.
**Blog post:** [cPanel Exploit — CVE-2026-41940](https://www.unfold.ai/blog/cpanel-exploit-cve-2026-41940)
## Structure
```
├── cpanel_cve_2026_41940_mal_get.yml # SIGMA rule — detects the CRLF injection request
├── cpanel_session_mal_authorization.yml # SIGMA rules — detects session use without prior login
├── Schemas/
│ ├── Microsoft Sentinel/ # ARM templates for DCR-based log ingestion into Sentinel
│ └── Splunk/ # props.conf stanzas for cPanel log sourcetypes
├── Sentinel_Detections/ # Microsoft Sentinel analytic rules (KQL queries)
└── Splunk_Detections/ # Splunk Enterprise Security correlation searches
```