cPanel 0-Day Authentication Bypass Vulnerability Actively Exploited in the Wild — PoC Released

📅 30 April 2026 at 06:42 UTC | 📰 Cyber Security News

A critical authentication bypass vulnerability in cPanel & WHM has been confirmed to be actively exploited in the wild, sending shockwaves through the global web hosting industry. The flaw, tracked as CVE-2026-41940, allows unauthenticated attackers to bypass login mechanisms entirely, potentially granting root-level access to affected hosting control panels. A public proof-of-concept (PoC) exploit has […]

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

A critical authentication bypass vulnerability in cPanel & WHM (CVE-2026-41940) has been actively exploited in the wild, allowing unauthenticated attackers to gain unauthorized access to affected control panels. This vulnerability is considered CRITICAL due to its potential for widespread exploitation.

⚙️ Technical Details
Affected Systems: cPanel, Cpanel Whm
Attack Vector: NETWORK
Weaknesses: CWE-306
💥 Impact Assessment
Severity: CRITICAL
Who Is at Risk: Web hosting providers and administrators of cPanel & WHM versions after 11.40
🛡️ Recommended Actions
1. Apply the latest security patches for cPanel & WHM to prevent exploitation.
2. Monitor system logs for suspicious activity related to authentication bypass attempts.
3. Implement additional security measures, such as multi-factor authentication and access controls.
📦 Affected Products: Cpanel Cpanel, Cpanel Whm, Cpanel Wp Squared
🔐 NVD Verified Data (VERIFIED)
CVE-2026-41940 | CVSS 9.8 CRITICAL
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-306
Affected Products (CPE): Cpanel Cpanel, Cpanel Whm, Cpanel Wp Squared

This is a curated summary. The complete article is available at Cyber Security News.
