Authentication bypass vulnerability in cPanel and WHM

4:00PM, 1 May 2026

TLP Rating: Clear

The NCSC would like to draw your attention to CVE-2026-41940 affecting cPanel and WHM. We are aware of public proof-of-concept (PoC) code and reports of active exploitation of this vulnerability.

CVE-2026-41940 is an authentication bypass vulnerability in cPanel and WHM that can allow an unauthenticated remote attacker to gain unauthorised access to the control panel.

What's happening

Systems affected

Patches are currently available for the following vulnerable versions:

  • cPanel & WHM 11.110.0.96
  • cPanel & WHM 11.118.0.61
  • cPanel & WHM 11.126.0.53
  • cPanel & WHM 11.132.0.27
  • cPanel & WHM 11.134.0.19
  • cPanel & WHM 11.136.0.4

Note: Not all vulnerable versions have had a patch released.

What to look for

How to tell if you're affected

cPanel is currently working on patches for versions not included in the list above. It is recommended that you follow the vendor’s instructions until you can update to a supported version.

What to do

Mitigation

Refer to the vendor advisory for remediation.

More information

Read more about this alert on the vendor website:

CVE-2026-41940 affecting cPanel and WHM

If you require more information or further support, submit a report on our website:

Report an incident