A critical authentication bypass vulnerability, identified as CVE-2026-41940, is being actively exploited in cPanel, a widely used web hosting control panel platform. This severe flaw affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as well as WP Squared, a WordPress hosting management panel built on the cPanel platform. Approximately 1.5 million potential targets have been identified through internet scans conducted by Rapid7 using the Shodan search engine. The Cybersecurity and Infrastructure Security Agency (CISA) is closely monitoring the situation, and the exploitation status will determine whether immediate patching or continued monitoring is necessary. The widespread use of cPanel and the active exploitation of this vulnerability make it a significant concern for web hosting providers and users. Patching or mitigating this vulnerability is crucial to prevent unauthorized access to sensitive data and systems.