CVE Database · CVE-2026-41940
CVSS v3.1: 9.8
CVSS v4.0: 9.3
EPSS: 90.54%
Published: Apr 29, 2026
Modified: May 4, 2026
CISA Known Exploited Vulnerability
Added: 2026-04-30 · Due: 2026-05-03
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public PoC / Exploit (11)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
Affected Products (19)
References (9)