(TLP:CLEAR) Critical Vulnerability Affecting cPanel and WebHost Manager (WHM) – CVE-2026-41940

ACTION MAY BE REQUIRED for utilities using cPanel and WebHost Manager (WHM) for web hosting and server management. Utilities that outsource technology support may need to consult with their service providers for assistance with remediation actions.

Summary: On Tuesday, a critical vulnerability (CVE-2026-41940) was disclosed affecting cPanel and WebHost Manger (WHM), which are widely used web hosting and server management software. The vulnerability allows unauthenticated remote attackers to bypass authentication and gain administrative access to affected systems. Successful exploitation could enable attackers to take control of hosted websites, databases, and email accounts; modify server configurations; and potentially impact downstream systems.

Reporting indicates this vulnerability is likely to be actively exploited, and exploitation in the wild has already been observed.

Analyst Note: Utilities are encouraged to review the advisories from cPanel and the Canadian Centre for Cyber Security and apply vendor-recommended patches or upgrades as soon as possible. Organizations unable to immediately patch may consider restricting access to management interfaces until updates can be applied. WaterISAC also encourages members to review logs for signs of unauthorized access and remain alert for suspicious activity.

Original Source: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

Additional Reading:

• Alert – AL26-008 – Vulnerability affecting cPanel and WebHost Manager (WHM) – CVE-2026-41940
• CVE-2026-41940: cPanel & WHM Authentication Bypass

Related WaterISAC PIRs: 6, 8, 10, 11, 12