SECURITYBLEEPING COMPUTER
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared is being actively exploited in the wild as a zero-day attack, with proof-of-concept (PoC) code now available. The flaw has been leveraged since late February, highlighting urgent security risks for users of these platforms.
Mentioned