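Published: 2026-04-29 15:10 UTC | CVE-2026-41940 | Assigner (CNA): VulnCheck
State: PUBLISHED | CVE record format version: 5.2 | CWE-306
Note: 5.2 is the record's dataVersion, not a severity score. The CNA's CVSS 3.1 base score in the JSON record below is 9.8 (CRITICAL), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.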

cPanel and WHM Authentication Bypass via Login Flow

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Problem type

CWE-306 Missing Authentication for Critical Function

Affected products

cPanel, L.L.C.

cPanel & WHM

>= 11.110.0, < 11.110.0.97 - AFFECTED

>= 11.118.0, < 11.118.0.63 - AFFECTED

>= 11.126.0, < 11.126.0.54 - AFFECTED

>= 11.132.0, < 11.132.0.29 - AFFECTED

>= 11.134.0, < 11.134.0.20 - AFFECTED

>= 11.136.0, < 11.136.0.5 - AFFECTED

WP Squared

>= 11.136.1, < 11.136.1.7 - AFFECTED

References

GitHub Security Advisories

GHSA-85qr-8rxc-62gv

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20,...

https://github.com/advisories/GHSA-85qr-8rxc-62gv

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.


JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-41940
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-41940",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-04-29T15:34:10.334Z",
    "dateReserved": "2026-04-22T18:50:43.621Z",
    "datePublished": "2026-04-29T15:10:37.899Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-04-29T15:10:37.899Z"
      },
      "datePublic": "2026-04-28T19:00:00.000Z",
      "title": "cPanel and WHM Authentication Bypass via Login Flow",
      "descriptions": [
        {
          "lang": "en",
          "value": "cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "cPanel, L.L.C.",
          "product": "cPanel & WHM",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "11.110.0",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "11.110.0.97"
            },
            {
              "version": "11.118.0",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "11.118.0.63"
            },
            {
              "version": "11.126.0",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "11.126.0.54"
            },
            {
              "version": "11.132.0",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "11.132.0.29"
            },
            {
              "version": "11.134.0",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "11.134.0.20"
            },
            {
              "version": "11.136.0",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "11.136.0.5"
            }
          ]
        },
        {
          "vendor": "cPanel, L.L.C.",
          "product": "WP Squared",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "11.136.1",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "11.136.1.7"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "cweId": "CWE-306",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026",
          "tags": [
            "vendor-advisory",
            "patch"
          ]
        },
        {
          "url": "https://docs.cpanel.net/release-notes/release-notes",
          "tags": [
            "release-notes"
          ]
        },
        {
          "url": "https://docs.wpsquared.com/changelogs/versions/changelog/#13617",
          "tags": [
            "release-notes"
          ]
        },
        {
          "url": "https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL"
          }
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-04-29T15:34:10.334Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}