Security Advisory

CPanel Product Security Update Advisory (CVE-2026-41940)

  • May 04 2026
CPanel Product Security Update Advisory (CVE-2026-41940)

Overview

a security update has been issued for a vulnerability in the cPanel product. the targets are cPanel & WHM and WP Squared, and the vulnerability is an authentication bypass vulnerability identified as CVE-2026-41940.

Affected Products

the following versions and earlier are affected

  • cPanel & WHM 11.86.0.41 and earlier.
  • cPanel & WHM 11.110.0.112 and earlier.
  • cPanel & WHM 11.118.0.64 or earlier.
  • cPanel & WHM less than 11.124.0.35.
  • cPanel & WHM 11.126.0.56 or lower.
  • cPanel & WHM 11.130.0.19 or earlier.
  • cPanel & WHM 11.132.0.29 or lower.
  • cPanel & WHM 11.134.0.23 or earlier.
  • cPanel & WHM 11.136.0.7 or lower.
  • WP Squared 136.1.7 or lower.

Workaround

a patch for CVE-2026-41940 has been made available in the latest update. updating to the known baseline version will fix the vulnerability.

Notes

official guidance is provided in the Security: CVE-2026-41940 – cPanel & WHM / WP2 Security Update 04/28/2026 and WebPros cPanel and WHM Authentication Bypass via Login Flow articles.

Tags:
Previous Post

Next Post