cPanel/WHM Security Vulnerability: Authentication Bypass in Login Flow
Posted: Fri May 01, 2026 1:55 am
Overview
A critical security vulnerability has been disclosed in cPanel & WHM.
The issue is tracked as:
CVE-2026-41940
It affects cPanel & WHM versions after 11.40, including DNSOnly systems. The vulnerability is an authentication bypass in the login flow.
---
What does that mean?
An authentication bypass means that an attacker may be able to access protected parts of the control panel without valid login credentials.
That is especially serious because cPanel/WHM is used to manage:
- websites
- domains
- email accounts
- DNS zones
- databases
- hosting accounts
- server configuration
---
Why is this critical?
- cPanel/WHM is often exposed to the internet
- The issue affects many supported versions
- It involves authentication logic
- Control panels usually have high privileges
- Successful exploitation may lead to full server compromise