CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

/HIGH
Written by SCW Vulnerability Desk Vulnerability Intelligence
CISA KEV vulnerabilitycvecisa-kevactively-exploited
CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

Image via

CVE-2026-41940 — WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026

What This Means For You

  • CISA has confirmed active exploitation — immediate patching required.
  • Added to CISA KEV catalog — federal agencies must remediate by 2026-05-03.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1078.004 Valid Accounts: Web Services Initial Access

Indicators of Compromise

IDTypeIndicator
CVE-2026-41940 Auth Bypass WebPros cPanel & WHM
CVE-2026-41940 Auth Bypass WebPros WP2 (WordPress Squared)
CVE-2026-41940 Auth Bypass authentication bypass vulnerability in the login flow

Written by SCW Vulnerability Desk

🔎
Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic — straight from this vulnerability. Use /detect in the Intel Bot.
Open Intel Bot →
Source & Attribution
Source PlatformCISA
ChannelCISA KEV
Channel IDcisa-kev
Message ID202641940
PublishedApril 30, 2026 at 15:00 UTC
Original Linkhttps://support.cpanel.net/hc/en-us/articles/400737875796...

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-7429 — The STL Processing Endpoint That Cross-Site Scripting (XSS)

CVE-2026-7429 — SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious...

vulnerabilityCVEmedium-severitycross-site-scripting-xsscwe-79
/SCW Vulnerability Desk /MEDIUM /4.6 /⚑ 2 IOCs /⚙ 3 Sigma
Featured

Daily Security Digest — 2026-04-30

20 vulnerability disclosures (3 Critical, 17 High) and 16 curated intelligence stories from 5 sources.

daily-digestvulnerabilityCVEhigh-severityout-of-bounds-1cwe-125path-traversalcwe-23null-pointer-dereferencecwe-476
/SCW Daily Digest /CRITICAL

CVE-2026-7461: Amazon ECS Agent Vulnerability Allows SYSTEM Privilege Escalation

CVE-2026-7461 — Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on...

vulnerabilityCVEhigh-severitycwe-78
/SCW Vulnerability Desk /HIGH /7.2 /⚑ 4 IOCs /⚙ 3 Sigma