A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared has been actively exploited since late February, allowing attackers to gain control over the affected systems. cPanel issued an emergency update on April 28 to address the issue, which is caused by improper session handling, and recommended users to block external access to certain ports or restart internal services until the patch is applied.
The critical insight for you is the active exploitation of the CVE-2026-41940 zero-day vulnerability in cPanel and WHM, which allows attackers to bypass authentication and potentially take control of systems. Immediate action is required to patch affected versions, and if patching is not possible, block access to specific ports and restart critical services to mitigate the risk. Use the provided detection tools to assess exposure and ensure systems are secure.