Tag: CVE-2026-41940

All articles tagged with #cve 2026 41940

Active cPanel/WHM zero-day exploit prompts rapid patch after PoC release
security, 1 day ago

A critical authentication-bypass vulnerability (CVE-2026-41940) in cPanel/WHM and WP Squared is being actively exploited in the wild; recently published technical details and a PoC show CRLF injection in login/session handling that can grant control without a password. cPanel issued a patch on April 28. If patching is not immediately possible, mitigations include restarting cpsrvd and blocking ports 2083/2087/2095/2096; the provided detection scripts can be used to check for compromise.

Emergency patch seals critical cPanel/WHM auth-bypass flaw (CVE-2026-41940)
security, 2 days ago

An authentication-bypass vulnerability in cPanel/WHM (CVE-2026-41940, severity 9.8) affects nearly all supported versions. An emergency patch has been released and admins must run /scripts/upcp --force to install patched builds (11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, 11.134.0.20). Unsupported versions will not receive updates; upgrade to a supported version ASAP. If exploited, attackers could gain full control of hosting accounts and servers, enabling backdoors, data theft, spam or malware deployment. Namecheap temporarily blocked ports 2083/2087 to mitigate risk.

cPanel/WHM CVE-2026-41940: Preauth Session Flaw Enables Authentication Bypass
security, 2 days ago

Security researchers dissect CVE-2026-41940, a universal authentication bypass in cPanel & WHM caused by flawed session handling. The flaw lets attackers create preauth sessions and causes plaintext credentials to be written to on-disk session files when the encoding step is skipped (e.g., a missing cookie ob-part), enabling exploitation via crafted login flows and Basic-auth headers. Patches exist across multiple release lines, KnownHost reports in-the-wild activity, and watchTowr Labs has released a detection artifact generator for defenders.