CVE-2026-41940 (GCVE-0-2026-41940)
Vulnerability from cvelistv5 – Published: 2026-04-29 15:10 – Updated: 2026-05-01 03:55
VLAI?
CISA KEV
Title
WebPros cPanel and WHM Authentication Bypass via Login Flow
Summary
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WebPros | cPanel |
Affected:
11.40.0.0 , < 11.86.0.41
(custom)
Affected: 11.88.0.0 , < 11.110.0.97 (custom) Affected: 11.112.0.0 , < 11.118.0.63 (custom) Affected: 11.120.0.0 , < 11.126.0.54 (custom) Affected: 11.128.0.0 , < 11.130.0.19 (custom) Affected: 11.132.0.0 , < 11.132.0.29 (custom) Affected: 11.134.0.0 , < 11.134.0.20 (custom) Affected: 11.136.0.0 , < 11.136.0.5 (custom) |
||||||||||||
|
||||||||||||||
Date Public ?
2026-04-28 00:00
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 494e7521-f818-4040-8b8d-ac9818d42390
Exploited: Yes
Timestamps
First Seen: 2026-04-30
Asserted: 2026-04-30
Scope
Notes: KEV entry: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability | Affected: WebPros / cPanel & WHM and WP2 (WordPress Squared) | Description: WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026 ; https://docs.cpanel.net/release-notes/release-notes/ ; https://docs.wpsquared.com/changelogs/versions/changelog/#13617 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41940"
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-306 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | cPanel & WHM and WP2 (WordPress Squared) |
| Due Date | 2026-05-03 |
| Date Added | 2026-04-30 |
| Vendorproject | WebPros |
| Vulnerabilityname | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-04-30 17:00 UTC
| Updated: 2026-04-30 17:00 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41940",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T03:55:47.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T00:00:00.000Z",
"value": "CVE-2026-41940 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "cPanel",
"vendor": "WebPros",
"versions": [
{
"lessThan": "11.86.0.41",
"status": "affected",
"version": "11.40.0.0",
"versionType": "custom"
},
{
"lessThan": "11.110.0.97",
"status": "affected",
"version": "11.88.0.0",
"versionType": "custom"
},
{
"lessThan": "11.118.0.63",
"status": "affected",
"version": "11.112.0.0",
"versionType": "custom"
},
{
"lessThan": "11.126.0.54",
"status": "affected",
"version": "11.120.0.0",
"versionType": "custom"
},
{
"lessThan": "11.130.0.19",
"status": "affected",
"version": "11.128.0.0",
"versionType": "custom"
},
{
"lessThan": "11.132.0.29",
"status": "affected",
"version": "11.132.0.0",
"versionType": "custom"
},
{
"lessThan": "11.134.0.20",
"status": "affected",
"version": "11.134.0.0",
"versionType": "custom"
},
{
"lessThan": "11.136.0.5",
"status": "affected",
"version": "11.136.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "WP Squared",
"vendor": "WebPros",
"versions": [
{
"status": "unaffected",
"version": "11.136.1.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "WHM",
"vendor": "WebPros",
"versions": [
{
"lessThan": "11.86.0.41",
"status": "affected",
"version": "11.40.0.0",
"versionType": "custom"
},
{
"lessThan": "11.110.0.97",
"status": "affected",
"version": "11.88.0.0",
"versionType": "custom"
},
{
"lessThan": "11.118.0.63",
"status": "affected",
"version": "11.112.0.0",
"versionType": "custom"
},
{
"lessThan": "11.126.0.54",
"status": "affected",
"version": "11.120.0.0",
"versionType": "custom"
},
{
"lessThan": "11.130.0.19",
"status": "affected",
"version": "11.128.0.0",
"versionType": "custom"
},
{
"lessThan": "11.132.0.29",
"status": "affected",
"version": "11.132.0.0",
"versionType": "custom"
},
{
"lessThan": "11.134.0.20",
"status": "affected",
"version": "11.134.0.0",
"versionType": "custom"
},
{
"lessThan": "11.136.0.5",
"status": "affected",
"version": "11.136.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.110.0.97",
"versionStartIncluding": "11.110.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.118.0.63",
"versionStartIncluding": "11.118.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.126.0.54",
"versionStartIncluding": "11.126.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.132.0.29",
"versionStartIncluding": "11.132.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.134.0.20",
"versionStartIncluding": "11.134.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.136.0.5",
"versionStartIncluding": "11.136.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.86.0.41",
"versionStartIncluding": "11.86.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0.18",
"versionStartIncluding": "11.130.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.110.0.97",
"versionStartIncluding": "11.110.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.118.0.63",
"versionStartIncluding": "11.118.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.126.0.54",
"versionStartIncluding": "11.126.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.132.0.29",
"versionStartIncluding": "11.132.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.134.0.20",
"versionStartIncluding": "11.134.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.136.0.5",
"versionStartIncluding": "11.136.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0",
"versionStartIncluding": "11.86.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0.18",
"versionStartIncluding": "11.130.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:*:*:*",
"versionEndExcluding": "136.1.7",
"versionStartIncluding": "136.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T17:32:32.294Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.cpanel.net/release-notes/release-notes"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.wpsquared.com/changelogs/versions/changelog/#13617"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WebPros cPanel and WHM Authentication Bypass via Login Flow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-41940",
"datePublished": "2026-04-29T15:10:37.899Z",
"dateReserved": "2026-04-22T18:50:43.621Z",
"dateUpdated": "2026-05-01T03:55:47.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2026-41940",
"cwes": "[\"CWE-306\"]",
"dateAdded": "2026-04-30",
"dueDate": "2026-05-03",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026 ; https://docs.cpanel.net/release-notes/release-notes/ ; https://docs.wpsquared.com/changelogs/versions/changelog/#13617 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41940\"",
"product": "cPanel \u0026 WHM and WP2 (WordPress Squared)",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "WebPros cPanel \u0026 WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.",
"vendorProject": "WebPros",
"vulnerabilityName": "WebPros cPanel \u0026 WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability"
},
"epss": {
"cve": "CVE-2026-41940",
"date": "2026-05-01",
"epss": "0.28361",
"percentile": "0.96528"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-41940\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-04-29T16:16:25.037\",\"lastModified\":\"2026-04-30T19:51:26.270\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2026-04-30\",\"cisaActionDue\":\"2026-05-03\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"WebPros cPanel \u0026 WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability\",\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.40\",\"versionEndExcluding\":\"86.0.41\",\"matchCriteriaId\":\"D018D47F-B020-41B1-8755-9197EB8673D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"88.0.0\",\"versionEndExcluding\":\"110.0.97\",\"matchCriteriaId\":\"9BF3DBAC-D629-44A9-B102-2D8F82709CA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"112.0.0\",\"versionEndExcluding\":\"118.0.63\",\"matchCriteriaId\":\"3EEFF12C-11E8-4A5C-9C72-BA1A422A9E72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"120.0.0\",\"versionEndExcluding\":\"126.0.54\",\"matchCriteriaId\":\"8D08A091-B8A6-4811-9626-DD88367DB0BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"128.0.0\",\"versionEndExcluding\":\"130.0.19\",\"matchCriteriaId\":\"B5FE32EC-AEFB-4B27-AE65-A95432CAA812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"132.0.0\",\"versionEndExcluding\":\"132.0.29\",\"matchCriteriaId\":\"24982921-6C0D-478E-BBF1-7C9DC7023760\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"134.0.0\",\"versionEndExcluding\":\"134.0.20\",\"matchCriteriaId\":\"B0213A2B-4A5A-4098-87FF-517E33F96807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"136.0.0\",\"versionEndExcluding\":\"136.0.5\",\"matchCriteriaId\":\"09F99F08-1FB9-4BC6-8C7D-52062BA28479\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.40\",\"versionEndExcluding\":\"86.0.41\",\"matchCriteriaId\":\"63BE6DEF-A6EA-4545-9A3D-E1BA84A50EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"88.0.0\",\"versionEndExcluding\":\"110.0.97\",\"matchCriteriaId\":\"74E9C069-EA63-4B95-9229-45AD97563532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"112.0.0\",\"versionEndExcluding\":\"118.0.63\",\"matchCriteriaId\":\"2FCD52CF-3F10-4FFA-8FC7-AA5F370AF9B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"120.0.0\",\"versionEndExcluding\":\"126.0.54\",\"matchCriteriaId\":\"8A7F00EA-1450-40D6-B8A4-32AAE88D4A97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"128.0.0\",\"versionEndExcluding\":\"130.0.19\",\"matchCriteriaId\":\"C6C216F5-330D-4DAA-B042-1A4707FF658E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"132.0.0\",\"versionEndExcluding\":\"132.0.29\",\"matchCriteriaId\":\"8793EED8-BDBD-4CC8-9698-FCEE769CFB5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"134.0.0\",\"versionEndExcluding\":\"134.0.20\",\"matchCriteriaId\":\"53AC31A0-AD91-4897-89E7-1C05AF03BF5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"136.0.0\",\"versionEndExcluding\":\"136.0.5\",\"matchCriteriaId\":\"23D646D3-2BDC-44C8-8C5F-9E21B0613A48\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"136.1.7\",\"matchCriteriaId\":\"80392939-B45D-4C12-ADBB-334E783BDE67\"}]}]}],\"references\":[{\"url\":\"https://docs.cpanel.net/release-notes/release-notes\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://docs.wpsquared.com/changelogs/versions/changelog/#13617\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41940\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-30T16:41:31.725741Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-04-30\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940\"}}}], \"references\": [{\"url\": \"https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-29T15:34:02.425Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-30T00:00:00.000Z\", \"value\": \"CVE-2026-41940 added to CISA KEV\"}]}], \"cna\": {\"title\": \"WebPros cPanel and WHM Authentication Bypass via Login Flow\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WebPros\", \"product\": \"cPanel\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.40.0.0\", \"lessThan\": \"11.86.0.41\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.88.0.0\", \"lessThan\": \"11.110.0.97\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.112.0.0\", \"lessThan\": \"11.118.0.63\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.120.0.0\", \"lessThan\": \"11.126.0.54\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.128.0.0\", \"lessThan\": \"11.130.0.19\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.132.0.0\", \"lessThan\": \"11.132.0.29\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.134.0.0\", \"lessThan\": \"11.134.0.20\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.136.0.0\", \"lessThan\": \"11.136.0.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"WebPros\", \"product\": \"WP Squared\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"11.136.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"WebPros\", \"product\": \"WHM\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.40.0.0\", \"lessThan\": \"11.86.0.41\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.88.0.0\", \"lessThan\": \"11.110.0.97\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.112.0.0\", \"lessThan\": \"11.118.0.63\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.120.0.0\", \"lessThan\": \"11.126.0.54\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.128.0.0\", \"lessThan\": \"11.130.0.19\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.132.0.0\", \"lessThan\": \"11.132.0.29\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.134.0.0\", \"lessThan\": \"11.134.0.20\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.136.0.0\", \"lessThan\": \"11.136.0.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2026-04-28T00:00:00.000Z\", \"references\": [{\"url\": \"https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026\", \"tags\": [\"vendor-advisory\", \"patch\"]}, {\"url\": \"https://docs.cpanel.net/release-notes/release-notes\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.wpsquared.com/changelogs/versions/changelog/#13617\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.110.0.97\", \"versionStartIncluding\": \"11.110.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.118.0.63\", \"versionStartIncluding\": \"11.118.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.126.0.54\", \"versionStartIncluding\": \"11.126.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.132.0.29\", \"versionStartIncluding\": \"11.132.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.134.0.20\", \"versionStartIncluding\": \"11.134.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.136.0.5\", \"versionStartIncluding\": \"11.136.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.86.0.41\", \"versionStartIncluding\": \"11.86.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.130.0.18\", \"versionStartIncluding\": \"11.130.0\"}], \"operator\": \"OR\"}]}, {\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.110.0.97\", \"versionStartIncluding\": \"11.110.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.118.0.63\", \"versionStartIncluding\": \"11.118.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.126.0.54\", \"versionStartIncluding\": \"11.126.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.132.0.29\", \"versionStartIncluding\": \"11.132.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.134.0.20\", \"versionStartIncluding\": \"11.134.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.136.0.5\", \"versionStartIncluding\": \"11.136.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.130.0\", \"versionStartIncluding\": \"11.86.0\"}, {\"criteria\": \"cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.130.0.18\", \"versionStartIncluding\": \"11.130.0\"}], \"operator\": \"OR\"}]}, {\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"136.1.7\", \"versionStartIncluding\": \"136.1.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-04-30T17:32:32.294Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-41940\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-30T22:20:23.918Z\", \"dateReserved\": \"2026-04-22T18:50:43.621Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-04-29T15:10:37.899Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…