Critical Vulnerability in cPanel and Web Host Manager (WHM)

CVE-2026-41940 could allow unauthenticated remote attackers to gain unauthorised access to the affected cPanel management console


Threat details

End-of-Life Versions are Vulnerable

cPanel currently supports versions 11.110, 11.126, 11.134 and 11.136. All other versions are end-of-life and do not receive security updates or hotfixes.


Introduction

cPanel has released a security advisory to address a critical vulnerability affecting cPanel and Web Host Manager (WHM). cPanel is a web-based hosting control panel used to manage servers and websites.

  • CVE-2026-41940 - 'Authentication Bypass' vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow an unauthenticated remote attacker to gain root-level access on the affected cPanel management console.

Proof-of-Concept Exploit for CVE-2026-41940

Security researchers have published a proof-of-concept exploit for CVE-2026-41940. Additionally, security researchers have reported exploitation of CVE-2026-41940 in the wild. The NHS England National CSOC assesses further exploitation as highly likely.


Remediation advice

Affected organisations must review the cPanel Security Advisory and complete all remediation steps detailed below. 


Remediation steps

Step 1 (Action) - Required: Apply the relevant patches

Update the server to one of the patched versions as soon as possible via the cPanel update script:

  • /scripts/upcp --force

Note: If you have disabled cPanel updates or pinned your cPanel update configuration to a specific version, then these will not auto-update. Servers running an end-of-life version of cPanel may be affected and must be upgraded to a supported version as soon as possible.

Reference: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

Step 2 (Action) - Required: Verify cPanel build version and restart cPanel

Once the update has been completed, verify and confirm the cPanel build version being returned and perform a restart of the cPanel service (cpsrvd):

  • /usr/local/cpanel/cpanel -V
  • /scripts/restartsrv_cpsrvd

Reference: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

Step 3 (Action) - Strongly Recommended: Perform a Compromise Assessment

Affected organisations are strongly recommended to use the detection script provided by cPanel to complete a compromise assessment across their environment.

Reference: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
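Added here as a worked example that is not part of the advisory or of cPanel's own tooling: a small shell helper that takes the version string returned in step 2 and classifies it against the supported branches listed under Threat details, so an operator can tell whether /scripts/upcp --force can patch the server or whether it is end-of-life and must first be upgraded. It assumes the version string looks like 11.110.0.59, 11.110.0.59 (RELEASE) or 110.0 (build 59); the sample version used when the cPanel binary is absent is constructed.

```shell
#!/bin/sh
# Added example (not from the NHS advisory or cPanel): classify a cPanel
# version against the supported branches named in the advisory.
# Assumption: /usr/local/cpanel/cpanel -V prints one of
#   "11.110.0.59", "11.110.0.59 (RELEASE)" or "110.0 (build 59)".

# Supported branches as stated in the advisory; everything else is end-of-life.
SUPPORTED_BRANCHES="11.110 11.126 11.134 11.136"

# cpanel_branch VERSION -> prints the 11.NNN branch, e.g. "11.110"
cpanel_branch() {
    # drop leading spaces and any trailing "(RELEASE)" / "(build N)" suffix
    v=$(printf '%s' "$1" | sed -E 's/^[[:space:]]*//; s/[[:space:]]*\(.*$//')
    case "$v" in
        11.*) printf '%s\n' "$v" | cut -d. -f1,2 ;;          # 11.110.0.59 -> 11.110
        *)    printf '11.%s\n' "$(printf '%s' "$v" | cut -d. -f1)" ;;  # 110.0 -> 11.110
    esac
}

# branch_supported VERSION -> exit 0 if the branch still receives fixes
branch_supported() {
    b=$(cpanel_branch "$1")
    for s in $SUPPORTED_BRANCHES; do
        [ "$s" = "$b" ] && return 0
    done
    return 1
}

# remediation_for VERSION -> prints the advisory step that applies
remediation_for() {
    if branch_supported "$1"; then
        printf 'supported branch %s: run /scripts/upcp --force, then /usr/local/cpanel/cpanel -V and /scripts/restartsrv_cpsrvd\n' "$(cpanel_branch "$1")"
    else
        printf 'end-of-life branch %s: no hotfix available, upgrade to a supported version first\n' "$(cpanel_branch "$1")"
    fi
}

# Stand-alone use: read the live version on a cPanel host, else use a constructed sample.
if [ -x /usr/local/cpanel/cpanel ]; then
    current=$(/usr/local/cpanel/cpanel -V)
else
    current="11.102.0.10"   # constructed sample for a non-cPanel host
fi
remediation_for "$current"
```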


Last edited: 30 April 2026 11:34 am