Skip to content
The Nexus
SECURITYApr 30 · 20:49 UTCCYBERSCOOPGreg Otto

cPanel’s authentication bypass bug is being exploited in the wild, CISA warns

cPanel's authentication bypass vulnerability (CVE-2026-41940) is being actively exploited, affecting all supported versions since 11.40 and WP Squared. CISA added it to its KEV list, while cPanel released a patch addressing the flaw, which allows attackers to inject malicious data during login to bypass authentication.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this