Critical cPanel and WHM Auth Bypass CVE-2026-41940 Exploited as Zero-Day Since February

CVE-2026-41940 is a critical authentication bypass in cPanel, WHM, and WP Squared (WP2) that has been under active exploitation since at least late February 2026. CISA added it to the Known Exploited Vulnerabilities catalog today. A public proof-of-concept is now available, raising the risk of opportunistic mass exploitation. Attackers can gain administrative access to vulnerable servers without credentials.

cPanel powers an estimated 20+ million websites across shared hosting environments globally. Hosting providers and administrators running unpatched cPanel installations should patch immediately. If patching is not immediately possible, restrict management port access (port 2083, 2087) to trusted IP ranges only.