CPanel and WHM Authentication Bypass – CVE-2026-41940
labs.watchtowr.com
April 30, 2026
18 min read
🔥🔥🔥🔥🔥
55/100
Summary
cPanel and WHM are vulnerable to an authentication bypass exploit identified as CVE-2026-41940. This vulnerability could allow unauthorized access to affected systems, posing significant security risks.
Key Takeaways
- The cPanel & WHM vulnerability CVE-2026-41940 affects all currently supported versions, allowing for an authentication bypass.
- KnownHost confirmed that exploitation of this vulnerability has been occurring in the wild, making it a zero-day threat.
- cPanel has released patched versions to address the vulnerability, including updates for versions 110.0.x, 118.0.x, 126.0.x, 132.0.x, 134.0.x, and 136.0.x.
- WatchTowr clients can autonomously mitigate threats using AI-driven rapid reaction capabilities in response to emerging vulnerabilities.
Community Sentiment
Positives
- The prompt disclosure of vulnerabilities by companies is commendable, as it helps protect users and mitigates potential exploitation in the black market.
Concerns
- The implementation of reversible encryption for passwords in the system is a significant security flaw, indicating a lack of understanding of basic security principles.
- The reliance on outdated technologies like Perl for critical systems raises concerns about long-term security and maintainability.