Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

"Successful exploitation of CVE-2026-41940 grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages."

"Upon a failed login attempt, the cPanel service daemon would write a pre-authentication session file to the disk, allowing attackers to manipulate a cookie."

CVE-2026-41940 is a critical-severity authentication bypass vulnerability in cPanel & WHM, affecting versions after 11.40. Disclosed on April 28, it allows remote, unauthenticated attackers to gain administrative access, potentially compromising all websites on shared hosting servers. Successful exploitation enables attackers to modify server configurations and control databases. A Shodan search indicates approximately 1.5 million cPanel instances are exposed. The vulnerability has been actively exploited since February 23, 2026, prompting hosting providers to block access to affected systems immediately after notification.

#cpanel #whm #cybersecurity #vulnerability #authentication-bypass

Read at SecurityWeek

Unable to calculate read time

Collection

[

...

]

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for MonthsCritical cPanel & WHM Vulnerability Exploited as Zero-Day for Months Briefly

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
Briefly