
A Vulnerability in WHM cPanel and WP Squared Could Allow for Remote Code Execution

📅 4 May 2026 at 16:20 UTC | 📰 CIS Advisories

A vulnerability has been discovered in WHM, cPanel, and WP Squared that could allow for remote code execution. WHM, cPanel, and WP Squared are Linux-based web hosting control panels for server and website management. While WHM provides server-level control, cPanel provides administrator access to the website backend, webmail, and databases. Successful exploitation could allow unauthenticated remote attackers to bypass authentication and gain unauthorized administrative access to the affected systems, ultimately leading to remote code execution.

🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview

A vulnerability in WHM cPanel and WP Squared allows for remote code execution, with threat actors actively exploiting CVE-2026-41940 since February 23, 2026, compromising servers and deploying ransomware.

⚙️Technical Details
💥Impact Assessment
Severity: HIGH
🛡️Recommended Actions
1. Apply appropriate updates provided by WHM, cPanel, and WP Squared or other vendors which use this software to vulnerable systems immediately after appropriate testing.
2. Establish and maintain a documented vulnerability management process for enterprise assets.
3. Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis.
📦Affected Products
Cpanel Cpanel
Cpanel Whm
Cpanel Wp Squared
cPanel & WHM 11.86.0 versions prior to fixed version 11.86.0.41
cPanel & WHM 11.110.0 versions prior to fixed version 11.110.0.97
WP Squared versions prior to fixed version 136.1.7
🔐NVD Verified Data (VERIFIED)
CVE-2026-41940: CVSS 9.8 CRITICAL
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-306
Affected Products (CPE):
Cpanel Cpanel
Cpanel Whm
Cpanel Wp Squared


This is a curated summary. The complete article is available at CIS Advisories.
