CVE Catalog

CVE-2026-41940

Critical
Published: Translated: NVD NIST

Summary

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Risk Assessment

This vulnerability could lead to unauthorized access to sensitive data and management functions, posing a serious security threat to the organization.

Recommendation

It is recommended to update to the latest version of cPanel and WHM to mitigate this vulnerability and implement additional security measures such as access log monitoring.

Original NVD description (English source)

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS