cPanel/WHM CVE-2026-41940: Preauth Session Flaw Enables Authentication Bypass
Security researchers dissect CVE-2026-41940, a universal authentication bypass in cPanel & WHM caused by flawed session handling. The flaw can let attackers create preauth sessions and write plaintext credentials to on-disk session files when the encoding step is skipped (e.g., missing cookie ob-part), enabling exploitation via crafted login flows and Basic-auth headers. Patches exist across multiple release lines, and KnownHost reports in-the-wild activity; watchTowr Labs also releases a detection artifact generator for defenders.