Threat Intelligence / CVE / CVE-2026-41940
CVE-2026-41940
CISA KEVcPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-306
References
- https://docs.cpanel.net/release-notes/release-notes
- https://docs.wpsquared.com/changelogs/versions/changelog/#13617
- https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
- https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026
- https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow
- https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940
Full detection coverage & IOCs for threats exploiting CVE-2026-41940 are available via the Threadlinqs MCP server (Purple tier). View plans →