CVE-2026-41940 | HackTesting

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

References

https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026

https://docs.cpanel.net/release-notes/release-notes

https://docs.wpsquared.com/changelogs/versions/changelog/#13617

https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026

https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow