Authentication Bypass Vulnerability in cPanel and WHM
CVE-2026-41940
Key Information:
- Vendor
Webpros
- Status
- Vendor
- CVE Published:
- 29 April 2026
Badges
What is CVE-2026-41940?
CVE-2026-41940 is a critical authentication bypass vulnerability found in cPanel and WHM (WebHost Manager), which are widely used tools for web hosting management. These tools facilitate server management, domain management, and various other functionalities essential for hosting providers and website owners. The vulnerability specifically resides in the login flow of these applications, allowing unauthenticated attackers to gain unauthorized access to the control panel. This unauthorized access can lead to significant risks, including data breaches and server control, compromising the integrity and confidentiality of sensitive information managed by the affected systems.
Potential Impact of CVE-2026-41940
-
Unauthorized Access: The primary impact of CVE-2026-41940 is the ability for attackers to bypass authentication processes, giving them potential remote access to system controls. This could enable malicious actors to manipulate server settings, extract sensitive data, or execute unauthorized commands.
-
Data Breaches: Exploitation of this vulnerability could result in significant data breaches where critical user and business data is exposed, leading to severe consequences for organizations, including regulatory penalties, loss of customer trust, and damage to reputation.
-
Widespread Exploitation: Given the nature of the vulnerability and its existence in widely-used versions of cPanel and WHM, the potential for widespread exploitation increases. Attackers leveraging this vulnerability could orchestrate targeted attacks on numerous organizations, heightening the risk of coordinated ransomware attacks and other malicious activities.
CISA has reported CVE-2026-41940
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-41940 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
cPanel 11.40.0.0
cPanel 11.40.0.0 < 11.86.0.41
cPanel 11.88.0.0 < 11.94.0.28
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
It Security NewsCVE-2026-41940Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) - IT Security News
Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows…Read more →
3 days ago
Help Net SecurityCVE-2026-41940Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) - Help Net Security
An active attack campaign targeting CVE-2026-41940 in cPanel has resulted in data theft and the deployment of a backdoor.
3 days ago
It Security NewsCVE-2026-41940Hackers Abuse CVE-2026-41940 to Take Over cPanel and WHM Servers - IT Security News
A fatal authentication bypass vulnerability is actively affecting cPanel and WebHost Manager (WHM) servers worldwide. Tracked as CVE-2026-41940 and bearing an apocalyptic maximum severity score of 9.8, this critical flaw has essentially handed the keys to the kingdom directly to…Read more →
4 days ago
References
EPSS Score
74% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 💰
Used in Ransomware
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📰
First article discovered by Securityweek
- 📈
Vulnerability started trending
Vulnerability published
Vulnerability Reserved