Vulnerability Description
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cpanel | Cpanel | >= 11.40, < 86.0.41 |
| Cpanel | Whm | >= 11.40, < 86.0.41 |
| Cpanel | Wp Squared | < 136.1.7 |
Related Weaknesses (CWE)
References
- https://docs.cpanel.net/release-notes/release-notesRelease Notes
- https://docs.wpsquared.com/changelogs/versions/changelog/#13617Release Notes
- https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Vendor Advisory
- https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerabilityThird Party Advisory
- https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-loThird Party Advisory
- https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-dowExploitThird Party Advisory
- https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploiPress/Media Coverage
- https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.pyExploitThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-US Government Resource
FAQ
What is CVE-2026-41940?
CVE-2026-41940 is a vulnerability with a CVSS score of 9.8 (CRITICAL). cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
How severe is CVE-2026-41940?
CVE-2026-41940 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-41940?
Check the references section above for vendor advisories and patch information. Affected products include: Cpanel Cpanel, Cpanel Whm, Cpanel Wp Squared.