
Critical cPanel zero-day auth bypass exploited since February

📅 30 April 2026 at 09:07 UTC | 📰 Cyber Insider

A critical authentication bypass vulnerability in cPanel & WHM is being actively exploited, allowing remote attackers to gain full administrative access to affected servers without credentials. The flaw, tracked as CVE-2026-41940, has received a near-maximum severity score and impacts millions of internet-facing systems. The issue was disclosed by cPanel on April 28, 2026, and assigned …

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

A critical authentication bypass vulnerability in cPanel & WHM has been actively exploited since February, allowing remote attackers to gain full administrative access to affected servers without credentials.

⚙️ Technical Details
Affected Systems
cPanel & WHM versions after 11.40
Attack Vectors
NETWORK
CRLF (carriage return line feed) injection and flawed session-handling logic
💥 Impact Assessment
Severity: CRITICAL
Who Is at Risk
Systems running cPanel & WHM, potentially tens of millions of internet-facing systems
🛡️ Recommended Actions
1. Apply updates immediately using the built-in cPanel update mechanism and verify that systems are running a patched version.
2. Temporarily block access to cPanel and WHM ports (2083 and 2087) across networks to limit exposure while patches are deployed.
3. Monitor for suspicious activity and implement additional security measures to prevent exploitation.
📦 Affected Products
cPanel & WHM
WP Squared version 11.136.1.7
🔐 NVD Verified Data (VERIFIED)
CVE-2026-41940, CVSS 9.8 (CRITICAL)
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-306

This is a curated summary. The complete article is available at Cyber Insider.
