THREAT OPS › CVEs › CVE-2026-41940
CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Vulnerability details
- Affected productscPanel & WHM and WP2 (WordPress Squared)
- KEV remediation due2026-05-03
Related reporting
- The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)watchtowr
- [CISA KEV] CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerabilitycisa_kev
- April 2026 CVE Landscaperecordedfuture