cPanel authentication bypass exploited in wild since February
Critical vulnerability CVE-2026-41940 in cPanel, WHM, and WP Squared is under active exploitation with public proof-of-concept code now available.
A critical authentication bypass vulnerability in cPanel and Web Host Manager (WHM) has been exploited as a zero-day since late February, according to BleepingComputer. The flaw, tracked as CVE-2026-41940, also affects WP Squared and allows attackers to circumvent authentication controls.
The vulnerability was actively leveraged in attacks for at least two months before public disclosure. Proof-of-concept exploit code is now publicly available, lowering the barrier for additional threat actors to weaponize the flaw.
cPanel and WHM are widely deployed control panel systems used by hosting providers and enterprises to manage web servers, domains, and email accounts. An authentication bypass in these platforms grants attackers administrative access to server infrastructure, customer data, and hosted websites. WP Squared, a WordPress management tool integrated with cPanel, is similarly affected.
- Hosting providers and enterprises using cPanel must patch immediately or face administrative takeover.
- Customers of affected hosting providers may experience data exposure or service disruption.
- Public PoC availability will accelerate exploitation attempts across unpatched infrastructure.