cPanel and WHM Authentication Bypass Vulnerability (CVE-2026-41940)
The post cPanel and WHM Authentication Bypass Vulnerability (CVE-2026-41940) appeared first on Labs Archive – Sentrium Security.
Phil Condon
Security Consultant
In late April 2026, a critical authentication bypass vulnerability was disclosed in cPanel and WHM, tracked as CVE-2026-41940. The issue affects the login flow of these widely deployed hosting control panels and allows a remote, unauthenticated attacker to gain administrative access. Given the prevalence of cPanel across shared and dedicated hosting environments, the vulnerability represents a significant management plane risk.
cPanel and WHM vulnerability technical details
CVE-2026-41940 affects cPanel and WHM installations running versions later than 11.40. According to the National Vulnerability Database, the issue carries a CVSS v3.1 base score of 9.8 (critical), reflecting a network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
The vulnerability stems from improper handling of session data during failed login attempts. When a user submits credentials, the cPanel service daemon creates a pre-authentication session file on disk. In vulnerable versions, input containing carriage return and line feed (CRLF) characters is written into this file without sanitisation, so an attacker can inject line breaks and append arbitrary session attributes of their choosing.
By manipulating session cookies and triggering a subsequent session reload, an attacker can make the server parse the injected attributes and treat the session as already authenticated. This bypasses password verification entirely and grants access to the privileged cPanel or WHM interfaces. No valid credentials are required, and exploitation is possible over the standard management ports (cPanel on 2082/2083, WHM on 2086/2087) when they are exposed to the internet.
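The bug class described above, as an added illustration that is not cPanel's code: a line-oriented session store whose writer does not sanitise CR/LF, shown beside a hardened writer that rejects control characters. The key=value file format, the attribute names (user, authenticated) and the order in which the daemon records fields are all assumptions chosen to demonstrate how one injected line break becomes a forged session attribute; the advisory does not describe cPanel's real session schema.

```python
"""
Added example (not cPanel code): CRLF injection into a line-oriented
pre-authentication session file, and the check that prevents it.
Assumed format: one key=value per line, later keys override earlier ones.
"""
import os
import tempfile

# Constructed stand-in for the on-disk session store.
SESSION_DIR = tempfile.mkdtemp(prefix="sess_")


def write_session_vulnerable(session_id: str, attrs: dict) -> str:
    """Writes attrs as key=value lines with no check for line breaks.
    A CR/LF inside a client-controlled value starts a new line, which the
    parser then reads as a new attribute."""
    path = os.path.join(SESSION_DIR, session_id)
    with open(path, "w", newline="") as fh:
        for key, value in attrs.items():
            fh.write(f"{key}={value}\n")
    return path


def write_session_hardened(session_id: str, attrs: dict) -> str:
    """Same file format, but refuses any key or value that could break the
    line structure, so client input can never add or override an attribute."""
    for key, value in attrs.items():
        for field in (key, str(value)):
            if "\r" in field or "\n" in field or "\0" in field:
                raise ValueError(f"control character in session field {key!r}")
        if "=" in key:
            raise ValueError(f"invalid session key {key!r}")
    path = os.path.join(SESSION_DIR, session_id)
    with open(path, "w", newline="") as fh:
        for key, value in attrs.items():
            fh.write(f"{key}={value}\n")
    return path


def load_session(path: str) -> dict:
    """Reloads a session the way a simple line parser would: split on LF,
    tolerate a trailing CR, first '=' separates key from value, last key wins."""
    session = {}
    with open(path, newline="") as fh:
        for raw in fh.read().split("\n"):
            line = raw.rstrip("\r")
            if not line or "=" not in line:
                continue
            key, value = line.split("=", 1)
            session[key] = value
    return session


def login_attempt(session_id: str, username: str, writer) -> dict:
    """Models a failed login: the daemon records authenticated=0 and then the
    submitted username (assumed order), after which the session is reloaded."""
    path = writer(session_id, {"authenticated": 0, "user": username})
    return load_session(path)


def is_authenticated(session: dict) -> bool:
    return session.get("authenticated") == "1"


# Constructed attacker input: a username carrying CRLF plus a forged attribute.
MALICIOUS_USERNAME = "nobody\r\nauthenticated=1"

if __name__ == "__main__":
    vuln = login_attempt("sess-vuln", MALICIOUS_USERNAME, write_session_vulnerable)
    print("vulnerable writer ->", vuln, "authenticated:", is_authenticated(vuln))
    try:
        login_attempt("sess-fixed", MALICIOUS_USERNAME, write_session_hardened)
    except ValueError as err:
        print("hardened writer ->", err)
```

The hardened writer rejects the input at write time rather than trying to escape it; for a format with no escaping convention, refusing control characters is the only option that keeps the parser's view of the file identical to the writer's.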
Impact summary of CVE-2026-41940
From a technical perspective, successful exploitation provides administrative access to cPanel or full root-level control via WHM. An attacker can modify server configurations, access hosted websites and databases, create or delete accounts, and establish persistent backdoors.
The business impact can be severe, particularly in shared hosting environments. A single compromised server may expose hundreds or thousands of downstream customer sites, leading to data breaches, service disruption, and reputational damage. Organisations may also face regulatory and contractual consequences if customer data is accessed or altered without authorisation.
cPanel has released emergency patches addressing CVE-2026-41940. Administrators should update immediately to one of the following fixed versions:
- cPanel and WHM 11.110.0.97
- cPanel and WHM 11.118.0.63
- cPanel and WHM 11.126.0.54
- cPanel and WHM 11.132.0.29
- cPanel and WHM 11.134.0.20
- cPanel and WHM 11.136.0.5
- WP Squared 11.136.1.7
Full vendor guidance and details regarding IoC detection are available in the official cPanel security advisory.
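A quick check of an installed version against the fixed builds listed above, as an added example rather than a cPanel tool. It assumes version strings take the form 11.BRANCH.MINOR.BUILD, that any later build on a listed branch keeps the fix, and that cPanel records the running version in /usr/local/cpanel/version; any branch not in the list is reported as unknown rather than guessed at.

```sh
#!/bin/sh
# Added example, not a cPanel tool: classify a cPanel & WHM version string
# against the fixed builds named in the advisory for CVE-2026-41940.
# Assumptions: versions look like 11.BRANCH.MINOR.BUILD, later builds on a
# listed branch keep the fix, and /usr/local/cpanel/version holds the
# running version on a cPanel host.

# "BRANCH.MINOR:FIXED_BUILD" per fixed release; 136.1 is the WP Squared line.
FIXED_BUILDS="110.0:97 118.0:63 126.0:54 132.0:29 134.0:20 136.0:5 136.1:7"

# cve_41940_status VERSION
# Prints patched / vulnerable / unknown and returns 0 / 1 / 2 respectively.
cve_41940_status() {
    ver=$1
    case "$ver" in
        11.[0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 2 ;;
    esac
    branch=${ver#11.}            # BRANCH.MINOR.BUILD
    build=${branch##*.}          # BUILD
    branch=${branch%.*}          # BRANCH.MINOR
    case "$build" in
        *[!0-9]*|'') echo unknown; return 2 ;;
    esac
    for entry in $FIXED_BUILDS; do
        if [ "${entry%%:*}" = "$branch" ]; then
            if [ "$build" -ge "${entry##*:}" ]; then
                echo patched; return 0
            fi
            echo vulnerable; return 1
        fi
    done
    echo unknown; return 2
}

# check_local_install: read the version cPanel writes to disk and classify it.
check_local_install() {
    if [ ! -r /usr/local/cpanel/version ]; then
        echo "no cPanel version file found"; return 2
    fi
    ver=$(cat /usr/local/cpanel/version)
    printf '%s: ' "$ver"
    cve_41940_status "$ver"
}

# Usage: ./check.sh --local        -> classify the local install
#        ./check.sh 11.110.0.96    -> classify a given version string
case "${1:-}" in
    "") ;;                              # no argument: only define the functions
    --local) check_local_install ;;
    *) cve_41940_status "$1" ;;
esac
```

The "unknown" result is deliberate: a branch that is not in the advisory's list (for example anything below 11.110) is neither confirmed fixed nor confirmed vulnerable by this check, and should be resolved against the vendor advisory rather than assumed safe.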
How can Sentrium help?
Sentrium works with organisations to identify and reduce exposure to high-risk vulnerabilities affecting internet-facing infrastructure. Through penetration testing, we help security teams understand where management plane weaknesses exist and how they can be prioritised for remediation.
If you are unsure whether your hosting environment was exposed to CVE-2026-41940, or would like independent validation of your remediation efforts, our consultants are happy to arrange a meeting.
*** This is a Security Bloggers Network syndicated blog from Labs Archive - Sentrium Security authored by Phil Condon. Read the original post at: https://www.sentrium.co.uk/labs/cpanel-and-whm-authentication-bypass-vulnerability-cve-2026-41940

