Authentication Bypass Vulnerability in cPanel and WHM
CVE-2026-41940

9.3 CRITICAL

Key Information:

Vendor: WebPros

CVE Published: 29 April 2026

Badges

  • 🥇 Trended No. 1
  • 📈 Trended
  • 📈 Score: 105,000
  • 💰 Ransomware
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 87%
  • 🦅 CISA Reported
  • 📰 News Worthy

What is CVE-2026-41940?

CVE-2026-41940 is a critical authentication bypass vulnerability found in cPanel and WHM (WebHost Manager), which are widely used tools for web hosting management. These tools facilitate server management, domain management, and various other functionalities essential for hosting providers and website owners. The vulnerability specifically resides in the login flow of these applications, allowing unauthenticated attackers to gain unauthorized access to the control panel. This unauthorized access can lead to significant risks, including data breaches and server control, compromising the integrity and confidentiality of sensitive information managed by the affected systems.

Potential Impact of CVE-2026-41940

  1. Unauthorized Access: The primary impact of CVE-2026-41940 is the ability for attackers to bypass authentication processes, giving them potential remote access to system controls. This could enable malicious actors to manipulate server settings, extract sensitive data, or execute unauthorized commands.

  2. Data Breaches: Exploitation of this vulnerability could result in significant data breaches where critical user and business data is exposed, leading to severe consequences for organizations, including regulatory penalties, loss of customer trust, and damage to reputation.

  3. Widespread Exploitation: Because the vulnerability exists in widely used versions of cPanel and WHM, the potential for widespread exploitation is high. Attackers leveraging this vulnerability could mount attacks against numerous organizations at once, heightening the risk of coordinated ransomware campaigns and other malicious activity.

CISA has reported CVE-2026-41940

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-41940 as being exploited in the wild and as enabling ransomware campaigns.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

cPanel 11.40.0.0

cPanel 11.40.0.0 < 11.86.0.41

cPanel 11.88.0.0 < 11.94.0.28
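The affected ranges above are the data an administrator needs to decide whether a host must be patched. The script below is an added example (not code from the tracker page, cPanel or WebPros) that turns those ranges into a check over a host inventory. It copies the two ranges exactly as listed, treats each as a half-open interval from the first affected build up to but not including the first fixed build, and, following the page, treats versions that fall outside both listed ranges (for example between 11.86.0.41 and 11.88.0.0) as not affected. Hostnames and version strings in the sample inventory are constructed.

```python
"""Check cPanel/WHM version strings against the affected ranges listed for
CVE-2026-41940. Added example; the ranges are copied from the page's
Affected Version(s) list and read as [first affected, first fixed)."""

# Affected ranges as listed on the page: (first affected build, first fixed build).
AFFECTED_RANGES = [
    ("11.40.0.0", "11.86.0.41"),
    ("11.88.0.0", "11.94.0.28"),
]


def parse_version(version):
    """Turn a dotted version like '11.92.0.5' into a tuple of ints.

    Numeric tuples compare correctly where strings do not
    ('11.100' sorts before '11.94' as text but is newer as a release).
    Short forms such as '11.92' are padded with zeros to four components.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def first_fixed_version(version, ranges=AFFECTED_RANGES):
    """Return the first fixed build for a version inside an affected range,
    or None when the version is outside every listed range."""
    v = parse_version(version)
    for start, fixed in ranges:
        if parse_version(start) <= v < parse_version(fixed):
            return fixed
    return None


def is_affected(version, ranges=AFFECTED_RANGES):
    """True when the version falls inside one of the listed affected ranges."""
    return first_fixed_version(version, ranges) is not None


def assess_hosts(inventory):
    """Map host -> 'affected' | 'not affected' | 'unknown' for an inventory of
    host -> version string. A malformed version is reported as 'unknown'
    rather than silently treated as safe."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            report[host] = "unknown"
    return report


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = {
        "web1.example.test": "11.86.0.40",   # last build before the first fix
        "web2.example.test": "11.86.0.41",   # first fixed build of the 11.86 line
        "web3.example.test": "11.87.0.3",    # between the two listed ranges
        "web4.example.test": "11.94.0.28",   # first fixed build of the 11.94 line
        "web5.example.test": "11.100.0.1",   # newer than every listed range
        "web6.example.test": "eleven",       # malformed, reported as unknown
    }
    for host, status in assess_hosts(sample).items():
        fix = first_fixed_version(sample[host]) if status == "affected" else None
        print(f"{host}: {status}" + (f" (update to {fix})" if fix else ""))
```

The version string to feed in comes from the host itself; cPanel keeps the installed version in the file /usr/local/cpanel/version (an assumption about the product's layout, not something the page states), so the inventory can be built by reading that file over whatever fleet-management channel is already in place. Hosts reported as unknown should be looked at by hand rather than assumed safe.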

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason

3 days ago

Hackers Exploit cPanel Flaw to Gain Control of Thousands of Websites - IT Security News

Hackers are still aggressively exploiting a critical bug in cPanel and WHM, the widely used web hosting control software that powers countless websites across the internet. The flaw, tracked as CVE-2026-41940, lets attackers bypass the login screen and seize…

4 days ago

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) - IT Security News

Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows…

1 week ago


EPSS Score

87% chance of being exploited in the next 30 days.

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot
  • 💰 Used in ransomware
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 🦅 CISA reported
  • 📰 First article discovered by SecurityWeek
  • 📈 Vulnerability started trending
  • Vulnerability published
  • Vulnerability reserved
