FeedVulnerabilityCISA Warns of cPanel & WHM Vulnerability Exploited in Attack...
VulnerabilityCyber Security News
9.8CRITICAL

CISA Warns of cPanel & WHM Vulnerability Exploited in Attacks

📅 4 May 2026 at 08:59 UTC📰 Cyber Security NewsView original source ↗
CISA Warns of cPanel & WHM Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw affecting widely used web hosting management platforms. CISA recently added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively abusing it in real-world attacks. Tracked as CVE-2026-41940, the defect targets WebPros […] The post CISA Warns of cPanel & WHM Vulnerability Exploited in Attacks appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM versions after 11.40 has been exploited by threat actors, allowing unauthenticated remote attackers to gain unauthorized access to the control panel.

⚙️Technical Details
Affected Systems
cPanelCpanel WhmAttack Vector: NETWORKWeaknesses: CWE-306
💥Impact Assessment
Severity: CRITICAL
Who Is at Risk
Web hosting management platforms and organizations using cPanel & WHM versions after 11.40
🛡️Recommended Actions
1Immediately update to the latest version of cPanel & WHM (version 11.40 or later)
2Implement additional security measures, such as multi-factor authentication and network segmentation
3Monitor for suspicious activity and conduct regular vulnerability scans
📦Affected Products
Cpanel CpanelCpanel WhmCpanel Wp SquaredcPanel Cpanel
🔐NVD Verified DataVERIFIED
CVE-2026-41940CVSS 9.8CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-306
Affected Products (CPE)
Cpanel CpanelCpanel WhmCpanel Wp Squared

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News
← Back to feed