CVE-2026-41940

LLM-synthesized narrative grounded in this CVE's description and references.

• CPanel/Cpanel2 versions

  cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*+ 1 more

  • cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*range: >=11.40,<86.0.41
  • (no CPE)range: > 11.40
• CPanel/Whm2 versions

  cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*+ 1 more

  • cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*range: >=11.40,<86.0.41
  • (no CPE)range: > 11.40
• CPanel/Wp Squared

  cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:wordpress:*:*

  Range: <136.1.7

• labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/nvdExploitThird Party Advisory
• support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026nvdVendor Advisory
• www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026nvdThird Party Advisory
• www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flownvdThird Party Advisory
• docs.cpanel.net/release-notes/release-notesnvdRelease Notes
• docs.wpsquared.com/changelogs/versions/changelog/nvdRelease Notes
• www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/nvdPress/Media Coverage
• www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

• LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
  The Hacker News · May 23, 2026
• Metasploit Wrap Up 05/22/2026
  Rapid7 Blog · May 22, 2026
• Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited
  Help Net Security · May 17, 2026
• Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
  Help Net Security · May 12, 2026
• cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
  The Hacker News · May 11, 2026
• Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
  Help Net Security · May 10, 2026
• cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
  The Hacker News · May 9, 2026
• Risky Business #836 -- You can't patch the bugpocalypse
  Risky Business · May 6, 2026
• Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
  Dark Reading · May 4, 2026
• ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
  The Hacker News · May 4, 2026
• 4th May – Threat Intelligence Report
  Check Point Research · May 4, 2026
• Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
  Help Net Security · May 4, 2026
• Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
  The Hacker News · May 4, 2026
• Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
  SecurityWeek · May 4, 2026
• Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
  Help Net Security · May 3, 2026
• Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
  BleepingComputer · May 2, 2026
• Federal agencies must patch cPanel bug by Sunday, CISA says
  The Record · May 1, 2026
• First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
  The Register Security · May 1, 2026
• Actively exploited cPanel bug exposes millions of websites to takeover
  Malwarebytes Labs · May 1, 2026
• cPanel zero-day exploited for months before patch release (CVE-2026-41940)
  Help Net Security · Apr 30, 2026
• Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
  The Register Security · Apr 30, 2026
• CVE-2026-41940: cPanel & WHM Authentication Bypass
  Rapid7 Blog · Apr 29, 2026
• The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
  watchTowr Labs · Apr 29, 2026
• Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
  The Hacker News · Apr 29, 2026
• CISA Adds One Known Exploited Vulnerability to Catalog
  CISA Alerts