Signal
Critical authentication bypass vulnerability discovered in cPanel and WHM
Evidence first: scan the strongest sources, then decide whether to go deeper.
redditrss
cvevulnerabilitysecurity_advisoryincident_response
Trend in the last 24h
Current brief openSource links open
This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
A critical vulnerability (CVE-2026-41940) affecting cPanel and WebHost Manager (WHM) has been identified, allowing unauthenticated remote attackers to bypass authentication and gain administrative access.
Entities
cPanelCanadian Centre for Cyber SecurityWHM
Score total
1.7
Momentum 24h
5
Posts
5
Origins
4
Source types
2
Duplicate ratio
20%
Why now
- Security updates were released very recently on April 28, 2026, requiring urgent patching.
- Active exploitation in the wild increases immediate threat to unpatched systems.
- High severity (CVSS 9.8) demands prompt attention from IT professionals and administrators.
Why it matters
- Allows attackers to gain full administrative control over web hosting servers.
- Exploitation can compromise websites, databases, and server configurations.
- Millions of internet-exposed cPanel instances are potentially vulnerable, increasing risk of widespread attacks.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- CVE-2026-41940 allows unauthenticated remote attackers to bypass authentication and gain administrative access to cPanel and WHM systems.
- Security updates fixing CVE-2026-41940 were released on April 28, 2026, covering multiple cPanel and WHM versions.
- The vulnerability is actively exploited in the wild, with approximately 1.5 million exposed cPanel instances potentially vulnerable.
How sources frame it
- Canadian Centre For Cyber Security: neutral
All evidence
All evidence
Canadian Centre for Cyber Security - Alerts
cyber.gc.ca · cyber.gc.ca · 2026-04-29 18:21 UTC
Rapid7 Blog
rapid7.com · rapid7.com · 2026-04-29 20:00 UTC
The Hacker News
thehackernews.com · thehackernews.com · 2026-04-29 09:37 UTC
The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs (via Reddit)
labs.watchtowr.com · labs.watchtowr.com · 2026-04-29 18:13 UTC
cPanel security advisory (AV26-404)
Canadian Centre for Cyber Security - Alerts · cyber.gc.ca · 2026-04-29 17:17 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 5Origin domains: 4Duplicates: -
Showing 5 / 0
Top publishers (this list)
- cyber.gc.ca (1)
- rapid7.com (1)
- thehackernews.com (1)
- labs.watchtowr.com (1)
- Canadian Centre for Cyber Security - Alerts (1)
Top origin domains (this list)
- cyber.gc.ca (2)
- rapid7.com (1)
- thehackernews.com (1)
- labs.watchtowr.com (1)