Emergency patch seals critical cPanel/WHM auth-bypass flaw (CVE-2026-41940)

TL;DR Summary
An authentication-bypass vulnerability in cPanel/WHM (CVE-2026-41940, severity 9.8) affects nearly all supported versions. An emergency patch has been released and admins must run /scripts/upcp --force to install patched builds (11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, 11.134.0.20). Unsupported versions will not receive updates; upgrade to a supported version ASAP. If exploited, attackers could gain full control of hosting accounts and servers, enabling backdoors, data theft, spam or malware deployment. Namecheap temporarily blocked ports 2083/2087 to mitigate risk.
- cPanel, WHM emergency update fixes critical auth bypass bug (BleepingComputer)
- The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) (watchTowr Labs)
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately (The Hacker News)
- All supported cPanel versions hit by critical auth bug, now patched (Security Affairs)
- cPanel CVE-2026-41940 Auth Bypass Flaw: Patch Now Fast! (The Cyber Express)
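
To confirm after the update that a server is on one of the patched builds listed in the summary, this added example (not code from cPanel or the cited articles) classifies a build string against that list. The function names and the `/usr/local/cpanel/version` path mentioned in the comments are assumptions, and the sample inputs are constructed.

```shell
#!/bin/sh
# Patched builds from the summary above, keyed by release branch (major.minor).
patched_build_for() {
  case "$1" in
    11.110) echo 11.110.0.97 ;;
    11.118) echo 11.118.0.63 ;;
    11.126) echo 11.126.0.54 ;;
    11.132) echo 11.132.0.29 ;;
    11.134) echo 11.134.0.20 ;;
    11.136) echo 11.136.0.5 ;;
    *) return 1 ;;   # branch has no patched build in the summary
  esac
}

# classify_build VERSION
# Prints: patched | needs-update | branch-not-listed | invalid
classify_build() {
  v=$1
  case "$v" in
    ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs   # split into numeric fields
  [ "$#" -eq 4 ] || { echo invalid; return 0; }
  fixed=$(patched_build_for "$1.$2") || { echo branch-not-listed; return 0; }
  rest=${fixed#*.*.}            # "0.97" from "11.110.0.97"
  f3=${rest%.*}; f4=${rest#*.}
  # Compare numerically, field by field, so 0.10 ranks above 0.5.
  if [ "$3" -gt "$f3" ]; then echo patched
  elif [ "$3" -lt "$f3" ]; then echo needs-update
  elif [ "$4" -ge "$f4" ]; then echo patched
  else echo needs-update
  fi
}

# Constructed sample inputs. On a real server, pass the installed build
# instead, e.g. the contents of /usr/local/cpanel/version (assumed path).
for sample in 11.110.0.96 11.136.0.5 11.134.0.19 11.120.0.1 garbage; do
  printf '%-14s %s\n' "$sample" "$(classify_build "$sample")"
done
```

A `needs-update` result means `/scripts/upcp --force` has not yet brought the server to the patched build for its branch; `branch-not-listed` means the summary names no fix for that branch.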