CVE-2026-41940

🗓️ 29 Apr 2026 15:10:37Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 112 Media mentions👁 380 Views🌐 WEB

Authentication bypass in cPanel login flow allows unauthenticated remote access on older versions.

Reporter	Title	Published	Views	Family All 87
GithubExploit	Exploit for Missing Authentication for Critical Function in Cpanel	1 May 202616:27	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Cpanel	6 Jun 202612:49	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Cpanel	27 May 202600:16	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Cpanel	8 May 202614:05	–	githubexploit
GithubExploit	indo-cpanel-exploit	26 May 202619:59	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Cpanel	5 May 202623:39	–	githubexploit
GithubExploit	Exploit for CVE-2026-41940	30 Apr 202617:08	–	githubexploit
GithubExploit	Exploit for CVE-2026-41940	30 Apr 202608:11	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Cpanel	1 May 202612:09	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Cpanel	1 May 202601:34	–	githubexploit

NVD

Vulners

CNA

Node

cpanel cpanelRange11.40–86.0.41

cpanel cpanelRange88.0.0–110.0.97

cpanel cpanelRange112.0.0–118.0.63

cpanel cpanelRange120.0.0–124.0.35

cpanel cpanelRange126.0.1–126.0.54

cpanel cpanelRange128.0.0–130.0.19

cpanel cpanelRange132.0.0–132.0.29

cpanel cpanelRange134.0.0–134.0.20

cpanel cpanelRange136.0.0–136.0.5

Node

cpanel whmRange11.40–86.0.41

cpanel whmRange88.0.0–110.0.97

cpanel whmRange112.0.0–118.0.63

cpanel whmRange120.0.0–124.0.35

cpanel whmRange126.0.1–126.0.54

cpanel whmRange128.0.0–130.0.19

cpanel whmRange132.0.0–132.0.29

cpanel whmRange134.0.0–134.0.20

cpanel whmRange136.0.0–136.0.5

Node

cpanel wp_squaredRange<136.1.7wordpress

[
  {
    "defaultStatus": "affected",
    "vendor": "WebPros",
    "product": "cPanel",
    "versions": [
      {
        "status": "affected",
        "version": "11.40.0.0",
        "versionType": "custom",
        "lessThan": "11.86.0.41"
      },
      {
        "status": "affected",
        "version": "11.88.0.0",
        "versionType": "custom",
        "lessThan": "11.94.0.28"
      },
      {
        "status": "affected",
        "version": "11.96.0.0",
        "versionType": "custom",
        "lessThan": "11.102.0.39"
      },
      {
        "status": "affected",
        "version": "11.104.0.0",
        "versionType": "custom",
        "lessThan": "11.110.0.97"
      },
      {
        "status": "affected",
        "version": "11.112.0.0",
        "versionType": "custom",
        "lessThan": "11.118.0.63"
      },
      {
        "status": "affected",
        "version": "11.120.0.0",
        "versionType": "custom",
        "lessThan": "11.124.0.35"
      },
      {
        "status": "affected",
        "version": "11.126.0.0",
        "versionType": "custom",
        "lessThan": "11.126.0.54"
      },
      {
        "status": "affected",
        "version": "11.128.0.0",
        "versionType": "custom",
        "lessThan": "11.130.0.19"
      },
      {
        "status": "affected",
        "version": "11.132.0.0",
        "versionType": "custom",
        "lessThan": "11.132.0.29"
      },
      {
        "status": "affected",
        "version": "11.134.0.0",
        "versionType": "custom",
        "lessThan": "11.134.0.20"
      },
      {
        "status": "affected",
        "version": "11.136.0.0",
        "versionType": "custom",
        "lessThan": "11.136.0.5"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "vendor": "WebPros",
    "product": "WP Squared",
    "versions": [
      {
        "status": "unaffected",
        "version": "11.136.1.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "vendor": "WebPros",
    "product": "WHM",
    "versions": [
      {
        "status": "affected",
        "version": "11.40.0.0",
        "versionType": "custom",
        "lessThan": "11.86.0.41"
      },
      {
        "status": "affected",
        "version": "11.88.0.0",
        "versionType": "custom",
        "lessThan": "11.94.0.28"
      },
      {
        "status": "affected",
        "version": "11.96.0.0",
        "versionType": "custom",
        "lessThan": "11.102.0.39"
      },
      {
        "status": "affected",
        "version": "11.104.0.0",
        "versionType": "custom",
        "lessThan": "11.110.0.97"
      },
      {
        "status": "affected",
        "version": "11.112.0.0",
        "versionType": "custom",
        "lessThan": "11.118.0.63"
      },
      {
        "status": "affected",
        "version": "11.120.0.0",
        "versionType": "custom",
        "lessThan": "11.124.0.35"
      },
      {
        "status": "affected",
        "version": "11.126.0.0",
        "versionType": "custom",
        "lessThan": "11.126.0.54"
      },
      {
        "status": "affected",
        "version": "11.128.0.0",
        "versionType": "custom",
        "lessThan": "11.130.0.19"
      },
      {
        "status": "affected",
        "version": "11.132.0.0",
        "versionType": "custom",
        "lessThan": "11.132.0.29"
      },
      {
        "status": "affected",
        "version": "11.134.0.0",
        "versionType": "custom",
        "lessThan": "11.134.0.20"
      },
      {
        "status": "affected",
        "version": "11.136.0.0",
        "versionType": "custom",
        "lessThan": "11.136.0.5"
      }
    ]
  }
]

Source	Link
support	www.support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
docs	www.docs.cpanel.net/release-notes/release-notes
vulncheck	www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow
docs	www.docs.wpsquared.com/changelogs/versions/changelog/
namecheap	www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026
github	www.github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py
labs	www.labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
bleepingcomputer	www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
login_only	request body	/login	Authentication bypass via CRLF injection during login; initial session minting.	CWE-306
user	request body	/login	Authentication bypass via CRLF injection during login; initial session minting.	CWE-306
pass	request body	/login	Authentication bypass via CRLF injection during login; initial session minting.	CWE-306
Cookie	header	/<cpsess_token>/scripts2/listaccts	Promotes injected fields to session cache via listaccts endpoint.	CWE-306
api.version	query param	/<cpsess_token>/json-api/version	WHM JSON API call to retrieve version, used to verify bypass.	CWE-306
user	request body	/<cpsess_token>/json-api/passwd	WHM passwd API to set temporary root password as part of exploitation.	CWE-306
password	request body	/<cpsess_token>/json-api/passwd	WHM passwd API to set temporary root password as part of exploitation.	CWE-306

06 May 2026 15:48Current

5.5Medium risk

Vulners AI Score5.5

CVSS 49.3

CVSS 3.19.8

EPSS0.90949

SSVC