A critical authentication bypass vulnerability, tracked as CVE-2026-41940, is being actively exploited in cPanel, WHM, and WP Squared, allowing attackers to bypass security measures without valid credentials. This zero-day bug has been leveraged in exploitation attempts since late February, and proof-of-concept code is now publicly available [1]. Active exploitation expands the attack surface, so administrators should prioritize mitigation based on their exposure and on evidence of exploitation. cPanel and WHM users are particularly at risk, as the bug can be used to gain unauthorized access to sensitive systems. Because the vulnerability is being exploited in the wild, swift action is needed to patch or work around the issue. For practitioners, this means immediately assessing exposure to CVE-2026-41940 and taking corrective action to prevent potential security breaches.
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
⚠️ Critical Alert
Why This Matters
CVE-2026-41940 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- [1] BleepingComputer. (2026, April 30). Critical cPanel and WHM bug exploited as a zero-day, PoC now available. BleepingComputer. https://www.bleepingcomputer.com/news/security/critical-cpanel-and-whm-bug-exploited-as-a-zero-day-poc-now-available/