Skip to content
The Nexus
SECURITYApr 30 · 11:40 UTCBLEEPING COMPUTERBill Toulas

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared is being actively exploited in the wild as a zero-day attack, with proof-of-concept (PoC) code now available. The flaw has been leveraged since late February, highlighting urgent security risks for users of these platforms.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this