CVE-2026-41940

{"id": "CVE-2026-41940", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-29T16:16:25.037", "references": [{"url": "https://docs.cpanel.net/release-notes/release-notes", "tags": ["Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://docs.wpsquared.com/changelogs/versions/changelog/#13617", "tags": ["Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026", "tags": ["Vendor Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/", "tags": ["Press/Media Coverage"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel."}], "lastModified": "2026-05-04T18:09:42.300", "cisaActionDue": "2026-05-03", "cisaExploitAdd": "2026-04-30", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D018D47F-B020-41B1-8755-9197EB8673D3", "versionEndExcluding": "86.0.41", "versionStartIncluding": "11.40"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BF3DBAC-D629-44A9-B102-2D8F82709CA2", "versionEndExcluding": "110.0.97", "versionStartIncluding": "88.0.0"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EEFF12C-11E8-4A5C-9C72-BA1A422A9E72", "versionEndExcluding": "118.0.63", "versionStartIncluding": "112.0.0"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5533AA73-5007-4820-A5C6-0460C486882D", "versionEndExcluding": "124.0.35", "versionStartIncluding": "120.0.0"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15C0513D-8C56-4C5F-B818-E2CE90223AD4", "versionEndExcluding": "126.0.54", "versionStartIncluding": "126.0.1"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5FE32EC-AEFB-4B27-AE65-A95432CAA812", "versionEndExcluding": "130.0.19", "versionStartIncluding": "128.0.0"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24982921-6C0D-478E-BBF1-7C9DC7023760", "versionEndExcluding": "132.0.29", "versionStartIncluding": "132.0.0"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0213A2B-4A5A-4098-87FF-517E33F96807", "versionEndExcluding": "134.0.20", "versionStartIncluding": "134.0.0"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09F99F08-1FB9-4BC6-8C7D-52062BA28479", "versionEndExcluding": "136.0.5", "versionStartIncluding": "136.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63BE6DEF-A6EA-4545-9A3D-E1BA84A50EC7", "versionEndExcluding": "86.0.41", "versionStartIncluding": "11.40"}, {"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74E9C069-EA63-4B95-9229-45AD97563532", "versionEndExcluding": "110.0.97", "versionStartIncluding": "88.0.0"}, {"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FCD52CF-3F10-4FFA-8FC7-AA5F370AF9B8", "versionEndExcluding": "118.0.63", "versionStartIncluding": "112.0.0"}, {"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED81103-D03E-4351-9C19-1B3F120268D6", "versionEndExcluding": "124.0.35", "versionStartIncluding": "120.0.0"}, {"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DC3D6F0-8D07-4719-977E-DB978AEB7A67", "versionEndExcluding": "126.0.54", "versionStartIncluding": "126.0.1"}, {"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6C216F5-330D-4DAA-B042-1A4707FF658E", "versionEndExcluding": "130.0.19", "versionStartIncluding": "128.0.0"}, {"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8793EED8-BDBD-4CC8-9698-FCEE769CFB5B", "versionEndExcluding": "132.0.29", "versionStartIncluding": "132.0.0"}, {"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53AC31A0-AD91-4897-89E7-1C05AF03BF5A", "versionEndExcluding": "134.0.20", "versionStartIncluding": "134.0.0"}, {"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D646D3-2BDC-44C8-8C5F-9E21B0613A48", "versionEndExcluding": "136.0.5", "versionStartIncluding": "136.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "80392939-B45D-4C12-ADBB-334E783BDE67", "versionEndExcluding": "136.1.7"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability"}