www.securityweek.com 4/30/2026, 11:40:58 AM · via preferred

Critical cPanel Auth Bypass (CVE-2026-41940) Exposes 1.5M Servers

Critical cPanel Auth Bypass (CVE-2026-41940) Exposes 1.5M Servers
Developing story vulnerability 8 articles tracked
Critical cPanel authentication bypass (CVE-2026-41940) exploited worldwide
CyberSIXT Evidence Panel
Primary Source support.cpanel.net
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

SECURITYWEEK reports that hackers have been exploiting a critical authentication bypass in cPanel & WHM, tracked as CVE-2026-41940, with a CVSS score of 9.8, since February 23, 2026, according to KnownHost via a Reddit post and other industry observers. The flaw affects the login flow, enabling remote, unauthenticated attackers to gain administrative access and potentially takeover the cPanel host, its configurations and websites on shared hosting servers.

The Canadian Centre for Cyber Security points out that successful exploitation could allow an attacker to modify server configurations and compromise all websites on affected servers, while Rapid7 notes the broader impact of gaining control over the host and its databases. A Shodan search cited in the coverage shows around 1.5 million internet‑accessible cPanel instances exposed to risk.

Patches were released in several updates, with fixes included in cPanel & WHM versions 11.86.0[.]41, 11.110.0[.]97, 11.118.0[.]63, 11.126.0[.]54, 11.130.0[.]19, 11.132.0[.]29, 11.136.0[.]5, and 11.134.0[.]20, plus WP Squared 136.1.7, and some hosting providers acted quickly to block access while patches were deployed, according to SecurityWeek.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline