Skip to main content

Cpanel Whm

1 CVEs product

Monthly

CVE-2026-41940 CRITICAL POC KEV EUVD KEV PATCH THREAT NEWS Act Now

Authentication bypass in cPanel & WHM allows unauthenticated remote attackers to gain unauthorized access to the control panel by exploiting a flaw in the login flow. The vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, an EPSS score of 16.52% (95th percentile), and affects multiple long-term support branches of cPanel & WHM as well as WP Squared. Given that cPanel administers shared hosting environments, successful exploitation typically grants attackers control over many downstream customer sites.

Authentication Bypass Cpanel Whm Wp Squared
NVD GitHub VulDB Exploit-DB
CVSS 4.0
9.3
EPSS
16.5%
Threat
5.4
EPSS 17% 5.4 CVSS 9.3
CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

Authentication bypass in cPanel & WHM allows unauthenticated remote attackers to gain unauthorized access to the control panel by exploiting a flaw in the login flow. The vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, an EPSS score of 16.52% (95th percentile), and affects multiple long-term support branches of cPanel & WHM as well as WP Squared. Given that cPanel administers shared hosting environments, successful exploitation typically grants attackers control over many downstream customer sites.

Authentication Bypass Cpanel Whm Wp Squared
NVD GitHub VulDB Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy