Vulnerability | Bleeping Computer
9.8 — CRITICAL
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel and WHM has been actively exploited since late February, allowing attackers to gain unauthorized access to control panels and websites managed by the affected systems.
⚙️Technical Details
💥Impact Assessment
Severity: Critical
🛡️Recommended Actions
1. Restart the 'cpsrvd' service after installing the latest releases of the software
2. Block external access to ports 2083, 2087, 2095, and 2096, or stop the cpsrvd and cpdavd cPanel internal core services
3. Purge sessions, reset all credentials, audit logs, and investigate persistence mechanisms
📦Affected Products
cPanel: cPanel/WHM versions after 11.40
WHM: cPanel/WHM versions after 11.40
WP Squared: WP Squared 11.136.1
🔐 NVD Verified Data (VERIFIED)
CVE-2026-41940: CVSS 9.8 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-306
This is a curated summary. The complete article is available at Bleeping Computer.
