cPanel/WHM CVE-2026-41940: Preauth Session Flaw Enables Authentication Bypass

TL;DR Summary
watchTowr Labs dissects CVE-2026-41940, a universal authentication bypass in cPanel & WHM rooted in flawed session handling. The flaw can let an attacker create a pre-authentication session; when the encoding step is skipped (for example, because the cookie ob-part is missing), plaintext credentials are written to the on-disk session file, and the bug becomes exploitable through crafted login flows and Basic-auth headers. Patches are available across multiple release lines and administrators should update immediately, since KnownHost reports in-the-wild exploitation that predates the patch; watchTowr Labs has also released a detection artifact generator that defenders can use to check their servers.
Topics: technology | #authentication-bypass #cpanel #cpanel-whm #cve-2026-41940 #security #session-management
Coverage:
- The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) | watchTowr Labs (original analysis)
- Critical cPanel Authentication Vulnerability Identified: Update Your Server Immediately | The Hacker News
- cPanel Releases Emergency Patch for Critical Authentication Flaw | gbhackers.com
- All supported cPanel versions hit by critical auth bug, now patched | Security Affairs
- cPanel Authentication Bypass Was Already Being Exploited Before the Patch Even Dropped | cyberkendra.com