cPanel & WHM auth bypass hits hosts

// 46d agoSECURITY INCIDENT

cPanel & WHM auth bypass hits hosts

CVE-2026-41940 is a critical authentication bypass in cPanel & WHM's login/session flow that can let unauthenticated attackers reach WHM and take over hosted servers. cPanel has shipped fixed builds, and the incident is being treated as an emergency for internet-exposed panels.

// ANALYSIS

This is a management-plane compromise, not just another web app bug: if WHM falls, the attacker can inherit control over every site, database, and account on that server.

–The vulnerability appears to stem from CRLF injection in session handling, which makes it especially dangerous because it bypasses the normal trust boundary before admin access is established
–cPanel's advisory and third-party research both point to immediate patching as the only real fix; workarounds like blocking panel ports are stopgaps, not a finish line
–The blast radius is large because cPanel is common in shared hosting, so one compromised host can expose many downstream customer sites at once
–Rapid7 and NVD both frame this as an unauthenticated remote takeover issue with CVSS 9.8 severity, so defenders should treat exposed instances as high-priority assets
–Operationally, this is a reminder that hosting control panels are crown-jewel infrastructure and deserve tighter network restriction, log review, and incident response playbooks

// TAGS

cpanel-whmsecurityinfrastructurehosted-serviceself-hosted

DISCOVERED

46d ago

2026-05-02

PUBLISHED

46d ago

2026-05-02

RELEVANCE

8/ 10

AUTHOR

Better Stack

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

OPEN SOURCE1h ago

Steve Sewell launches /visual-plan agent skill

Steve Sewell, CEO of Builder.io, has announced /visual-plan, an open-source skill that converts dense, text-based implementation plans generated by AI coding agents into interactive MDX documents. The tool provides a visual workspace with diagrams, wireframes, and database schemas, allowing developers to review and approve architectural plans before the agent writes code.

LAUNCH1h ago

Aikido launches agentic AI Code Audit

Aikido Security has launched Aikido Code Audit, a security tool that uses agentic AI to identify deep architectural and logical vulnerabilities directly from repository code. Unlike traditional static analysis, the tool reasons across multiple files to trace complex exploit chains without requiring a running staging environment.

RESEARCH1h ago

OpenAI unveils Deployment Simulation safety method

OpenAI has introduced OpenAI Deployment Simulation, a pre-release safety evaluation method that replays 1.3 million de-identified user conversations to predict real-world LLM behavior. By removing assistant answers and simulating production traffic, this approach reduces evaluation awareness in models and achieves a 1.5x median prediction error for harmful behaviors.