Critical cPanel and WHM bug exploited as a zero-day, PoC now available
Summary
A critical authentication bypass vulnerability, identified as CVE-2026-41940, in cPanel, WHM, and WP Squared is being actively exploited as a zero-day. A proof-of-concept (PoC) for this exploit is now publicly available, increasing the risk to affected systems.
IFF Assessment
The active exploitation of a critical vulnerability with a public PoC poses a direct threat to defenders and their systems.
Severity
This CVSS score is estimated based on the description of an authentication bypass vulnerability that is actively exploited in the wild as a zero-day, with a public PoC. Such vulnerabilities typically have a high attack vector and significant impact on confidentiality, integrity, and availability.
Defender Context
This critical vulnerability allows attackers to bypass authentication on cPanel and WHM, putting servers at risk of compromise. Defenders should prioritize patching or implementing mitigations immediately, especially given the availability of exploit code and active exploitation.