SECURITYCYBERSCOOP
cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
cPanel's authentication bypass vulnerability (CVE-2026-41940) is being actively exploited, affecting all supported versions since 11.40 and WP Squared. CISA added it to its KEV list, while cPanel released a patch addressing the flaw, which allows attackers to inject malicious data during login to bypass authentication.
Mentioned