CVE-2026-41940
cPanel and WHM Authentication Bypass | Critical Remote Access Risk
A critical authentication bypass vulnerability in cPanel and WHM allows unauthenticated remote attackers to gain unauthorized access to the control panel. Tracked as CVE-2026-41940 and rated CVSS 9.8, this flaw impacts the login flow itself, effectively removing the need for valid credentials. Given cPanel’s role as the control plane for hosting environments, successful exploitation can result in full compromise of websites, data, and server infrastructure.
Technical Details
CVE-2026-41940 is an authentication bypass vulnerability in the cPanel and WHM login flow. The issue allows remote attackers to establish authenticated sessions without providing valid credentials. Because exploitation occurs pre-authentication, it requires no prior access and no user interaction.
Once access is obtained, attackers can operate with control panel privileges, enabling:
- Administrative access to hosting configurations
- Full control over websites and hosted applications
- Access to databases and sensitive customer data
- Interception or manipulation of email accounts
- Potential for persistence, lateral movement, or full server compromise
This is a high-impact vulnerability due to cPanel’s central role in multi-tenant hosting environments. A single compromise can cascade across all managed domains and services.
NodeZero® Proactive Security Platform — Rapid Response
A NodeZero Rapid Response test has been developed to safely validate whether this authentication bypass can be exploited in your environment. The test executes real attack techniques without causing damage, giving teams immediate clarity on exposure.
- Run the Rapid Response test: Launch from the NodeZero platform to determine if unauthorized access is possible
- Patch immediately: Upgrade to a fixed version based on your cPanel release tier
- Re-run the test: Confirm the vulnerability is no longer exploitable after remediation
Affected versions & patch
Affected
cPanel and WHM versions prior to the patched releases are vulnerable.
Patch
cPanel has released fixes across multiple tiers. Upgrade to one of the following or later:
- 11.110.0.97
- 11.118.0.63
- 11.126.0.54
- 11.132.0.29
- 11.134.0.20
- 11.136.0.5
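Because the fix is tier-specific, "later than 11.110.0.97" is not the same as "later than 11.136.0.5": a host on the 118 tier needs 11.118.0.63 or higher, not a jump to the newest tier. The following Python script is an added example, not part of this advisory and not cPanel's own tooling; it parses a cPanel & WHM version string, finds its tier (the second field) and compares against the fixed releases listed above. The version file path `/usr/local/cpanel/version` is an assumption about where the installed version is recorded; when that file is absent the script runs over constructed sample versions instead.

```python
"""Added example (not from the advisory or from cPanel): check whether an installed
cPanel & WHM version is at or above the fixed release for its tier."""
import os
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]

# Fixed releases named in the advisory, keyed by release tier (the second field).
FIXED_RELEASES: Dict[int, Version] = {
    110: (11, 110, 0, 97),
    118: (11, 118, 0, 63),
    126: (11, 126, 0, 54),
    132: (11, 132, 0, 29),
    134: (11, 134, 0, 20),
    136: (11, 136, 0, 5),
}

# Assumed location of the version file on a cPanel host (not taken from the advisory).
DEFAULT_VERSION_FILE = "/usr/local/cpanel/version"


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.TIER.MINOR.BUILD' into a tuple of ints that compares correctly."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised cPanel version string: {text!r}")
    major, tier, minor, build = (int(p) for p in parts)
    return (major, tier, minor, build)


def assess(version_text: str) -> Dict[str, object]:
    """Classify a version as 'patched', 'vulnerable' or 'unknown-tier'."""
    installed = parse_version(version_text)
    tier = installed[1]
    fixed = FIXED_RELEASES.get(tier)
    if fixed is not None:
        # Same tier: numeric tuple comparison, so 11.132.1.0 counts as later than 11.132.0.29.
        status = "patched" if installed >= fixed else "vulnerable"
    elif tier < min(FIXED_RELEASES):
        # Older than every fixed tier: the advisory says versions prior to the
        # patched releases are vulnerable, and no fix exists within this tier.
        status = "vulnerable"
    else:
        # A tier newer than any the advisory lists: this table cannot judge it.
        status = "unknown-tier"
    return {
        "version": version_text,
        "tier": tier,
        "status": status,
        "fixed_release": ".".join(map(str, fixed)) if fixed else None,
    }


def read_installed_version(path: str = DEFAULT_VERSION_FILE) -> Optional[str]:
    """Return the version string from the cPanel version file, or None if absent."""
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


if __name__ == "__main__":
    live = read_installed_version()
    # Constructed sample versions, used when no cPanel install is present on this machine.
    samples = [live] if live else [
        "11.110.0.96", "11.126.0.54", "11.132.1.0", "11.102.0.30", "11.138.0.1",
    ]
    for sample in samples:
        r = assess(sample)
        print(f"{r['version']:>14}  tier {r['tier']:<4} {r['status']:<13} fixed: {r['fixed_release']}")
```

Versions on a tier older than 110 are reported as vulnerable with no fixed release, because the advisory offers no fix in those tiers and the only remediation is moving to a supported tier; a tier newer than 136 is reported as unknown rather than guessed at, since the advisory says nothing about it.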
If patching cannot be performed immediately, restrict access to cPanel and WHM interfaces to trusted administrative networks only and limit exposure of management ports.
Timeline
April 28, 2026 – cPanel WHM Security Update (04-28-2026) published, disclosing the vulnerability and fixes
April 28, 2026 – Third-Party Advisory issued warning of risk in hosting environments
April 29, 2026 – CVE-2026-41940 published with CVSS 9.8 critical severity