CPANEL ZERO-DAY ACTIVELY EXPLOITED, POC RELEASED
AI DESK · 2 MIN READ
THU, APR 30, 2026 · AI-SUMMARIZED FROM 1 SOURCE
A critical authentication bypass vulnerability in cPanel, WHM, and WP Squared has been actively exploited in the wild since late February. A proof-of-concept is now publicly available.
The Vulnerability
CVE-2026-41940 is a critical authentication bypass flaw affecting cPanel, WHM, and WP Squared. The vulnerability allows attackers to circumvent authentication mechanisms, potentially granting unauthorized access to hosting control panels and administrative functions.
Active Exploitation
Security researchers have confirmed active exploitation attempts dating back to late February. The release of a public proof-of-concept has significantly expanded the attack surface, enabling a broader range of threat actors to leverage the flaw.
Risk Assessment
The combination of a critical severity rating and public exploit code creates an urgent threat landscape. Organizations running affected versions face elevated risk of unauthorized access, data breaches, and potential lateral movement within hosting infrastructure.
Affected Systems
The vulnerability impacts multiple cPanel and WHM versions. WP Squared installations are also vulnerable. Administrators should immediately identify and inventory affected systems across their infrastructure.
Recommended Actions
Organizations should prioritize patching to the latest available versions. Interim mitigations may include restricting access to administrative interfaces, monitoring authentication logs for suspicious activity, and implementing network-level controls on management ports.
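As an illustration of the log-monitoring step above, here is an added example (not code from the article, cPanel, or any vendor) that reviews authentication events and flags the ones worth triage: successful administrative logins from outside an operator-defined allowlist, and successes that follow a run of failures from the same source. The log line layout, the allowlisted networks, and the sample lines are all constructed for this example; the real cPanel and WHM log formats differ, so the parser would need to be adapted before use.

```python
import ipaddress
import re

# Networks from which cPanel/WHM administrative logins are expected.
# Constructed for this example; replace with your own management ranges.
ALLOWED_ADMIN_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]

# Assumed, simplified line layout for this example (NOT the real cPanel log format):
#   "<ISO timestamp> <service> <client ip> <user> <SUCCESS|FAIL>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<service>\S+)\s+(?P<ip>\S+)\s+(?P<user>\S+)\s+(?P<result>SUCCESS|FAIL)$"
)

# Constructed sample log; 198.51.100.0/24 is outside the allowlist above.
SAMPLE_LOG = """\
2026-04-29T08:14:02Z whostmgrd 203.0.113.17 root SUCCESS
2026-04-29T08:15:40Z cpaneld 198.51.100.23 alice FAIL
2026-04-29T08:15:41Z cpaneld 198.51.100.23 alice FAIL
2026-04-29T08:15:43Z cpaneld 198.51.100.23 alice SUCCESS
2026-04-29T09:02:11Z whostmgrd 198.51.100.77 root SUCCESS
2026-04-29T09:05:00Z cpaneld 2001:db8:10::5 bob SUCCESS
"""


def parse_line(line):
    """Parse one line of the assumed format; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ip"] = ipaddress.ip_address(event["ip"])
    return event


def is_allowed(ip):
    """True when the client address falls inside one of the admin allowlist networks."""
    ip = ipaddress.ip_address(ip)
    return any(ip in net for net in ALLOWED_ADMIN_NETWORKS)


def find_suspicious_logins(log_text):
    """Return successful logins that merit review, each with the reasons it was flagged.

    Heuristics: (1) the source is outside the admin allowlist; (2) the success follows
    one or more failures from the same source (a pattern worth a second look, whatever
    the cause). Failure counters reset on each success so every finding is independent.
    """
    findings = []
    failures_by_ip = {}  # ip -> number of failures seen since the last success
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ip = event["ip"]
        if event["result"] == "FAIL":
            failures_by_ip[ip] = failures_by_ip.get(ip, 0) + 1
            continue
        reasons = []
        if not is_allowed(ip):
            reasons.append("source outside admin allowlist")
        prior_failures = failures_by_ip.pop(ip, 0)
        if prior_failures:
            reasons.append(f"success after {prior_failures} failure(s)")
        if reasons:
            findings.append({
                "ts": event["ts"],
                "service": event["service"],
                "ip": str(ip),
                "user": event["user"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_logins(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['service']} {finding['user']}@{finding['ip']}: "
              + "; ".join(finding["reasons"]))
```

Running the block against the sample log reports two events: alice's success from 198.51.100.23 after two failures, and the root login to WHM from 198.51.100.77, both from outside the allowlist. The allowlist itself is the same information needed for the network-level controls the article mentions, so keeping the two in step is worthwhile.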
Timeline
While initial exploitation attempts occurred in late February, the public release of proof-of-concept code has accelerated the threat timeline. The window for remediation has narrowed considerably.
cPanel and WHM administrators should treat this as a critical priority and coordinate patching across their infrastructure immediately. The availability of public exploit code means this vulnerability will likely see widespread exploitation efforts in the coming days.