Storyline

Critical authentication bypass vulnerability in cPanel and WHM exploited as zero-day

A critical authentication bypass vulnerability (CVE-2026-41940) affecting cPanel, WebHost Manager (WHM), and WP Squared products was actively exploited as a zero-day for months before a patch was released on April 28, 2026.

Evidence trail (top sources)
Critical vulnerability in cPanel and WHM products
NCSC NL (News) · ncsc.nl · 2026-04-30 11:25 UTC
Overview

  • Score total: 2.33
  • Momentum 24h: 11
  • Posts: 11
  • Origins: 10
  • Source types: 2
  • Duplicate ratio: 9%
Why now
  • Zero-day exploitation has been ongoing for months before patch release.
  • Approximately 1.5 million cPanel instances are potentially vulnerable online.
  • Multiple national cybersecurity agencies have issued urgent advisories and patches.
Why it matters
  • Allows attackers to gain root-level access to millions of web hosting servers.
  • Exploitation can lead to full control over websites and server configurations.
  • Highlights importance of rapid patching for widely used hosting control panels.
Continuity snapshot
  • Trend status: insufficient_history.
  • Continuity stage: broad_confirmed.
  • Current status: open.
  • 11 current source-linked posts are attached to this storyline.
All evidence
SecurityWeek report on critical cPanel & WHM zero-day exploitation
securityweek.com · securityweek.com · 2026-04-30 11:10 UTC
cPanel zero-day exploited for months before patch release (CVE-2026-41940)
Help Net Security · helpnetsecurity.com · 2026-04-30 13:40 UTC
Warning: Critical authentication bypass in cPanel & WHM, Patch Immediately!
CERT.BE (BE) - Advisories · ccb.belgium.be · 2026-04-30 12:16 UTC
Critical vulnerability in cPanel and WHM products
NCSC NL (News) · ncsc.nl · 2026-04-30 11:25 UTC
Bug of the year (so far)? Nasty cPanel vulnerability probably exploited as a 0-day
The Register Security · go.theregister.com · 2026-04-30 10:14 UTC
Top publishers (this list)
  • securityweek.com (1)
  • Help Net Security (1)
  • CERT.BE (BE) - Advisories (1)
  • NCSC NL (News) (1)
  • The Register Security (1)
Top origin domains (this list)
  • securityweek.com (1)
  • helpnetsecurity.com (1)
  • ccb.belgium.be (1)
  • ncsc.nl (1)
  • go.theregister.com (1)