A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication.
The security issue, currently identified as CVE-2026-41940 and with a severity score of 9.8, has been addressed in an emergency update that requires running a command manually to retrieve a patched version of the software.
Owned by WebPros International, WHM and cPanel are Linux-based web hosting control panels for server and website management. While WHM provides server-level control, cPanel provides administrator access to the website backend, webmail, and databases.
Both products are among the most widely deployed hosting control panels, popular with many hosting providers for their standardized interfaces, ease of use for non-technical users, and deep integration with common hosting stacks.
No technical details have been publicly disclosed, but the severity of the issue appears significant, as Namecheap temporarily blocked access to ports 2083 and 2087 used for WHM and cPanel to protect customers until patches were available.
"We regret to inform you that a critical security vulnerability has been identified in cPanel software affecting all currently supported versions," Namecheap said.
The hosting provider stated that the vulnerability "relates to an authentication login exploit that could allow unauthorized access to the control panel."
A few hours after Namecheap's notification, cPanel published a security bulletin stating that the security issue had been addressed in the following product versions:
11.110.0.97
11.118.0.63
11.126.0.54
11.132.0.29
11.136.0.5
11.134.0.20
To install a safe version, the vendor recommends that administrators execute the command /scripts/upcp --force, which runs the cPanel update process and forces it to execute even if the system thinks it is already running the latest version.
Servers running an unsupported version of cPanel are ineligible for security updates. In this case, administrators are advised to upgrade to a supported version as soon as possible.
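As an added example (not cPanel's or the article's own code), the following shell function classifies a version string against the patched builds listed above. It assumes the installed version can be read from /usr/local/cpanel/version and that, within a release branch, any build number at or above the patched build contains the fix; branches not in the list are reported as such so they can be checked against the vendor bulletin.

```shell
#!/bin/sh
# Patched builds as listed in the article, one per release branch.
PATCHED_BUILDS="11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.134.0.20 11.136.0.5"
# Assumption: the installed version is stored here as a bare version string.
VERSION_FILE="${VERSION_FILE:-/usr/local/cpanel/version}"

# classify_version VERSION
# Prints one of: patched | vulnerable | unlisted-branch | invalid
classify_version() {
    cv_ver=$1
    # Reject anything that is not digits and single dots.
    case $cv_ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    # Require exactly four fields (branch = first three, build = last).
    cv_rest=${cv_ver#*.*.*.}
    case $cv_rest in
        "$cv_ver"|*.*) echo invalid; return 0 ;;
    esac
    for cv_fixed in $PATCHED_BUILDS; do
        if [ "${cv_fixed%.*}" = "${cv_ver%.*}" ]; then
            # Assumption: a build number >= the patched build carries the fix.
            if [ "${cv_ver##*.}" -ge "${cv_fixed##*.}" ]; then
                echo patched
            else
                echo vulnerable
            fi
            return 0
        fi
    done
    # Branch is not in the article's list: it may be unsupported and
    # need an upgrade, so it requires a manual check.
    echo unlisted-branch
}

# On a cPanel host, report the status of the installed version.
if [ -r "$VERSION_FILE" ]; then
    installed=$(tr -d '[:space:]' < "$VERSION_FILE")
    echo "cPanel $installed: $(classify_version "$installed")"
fi
```

A result of vulnerable means the update command above still needs to be run; unlisted-branch means the server is on a branch the article does not name.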
An attacker gaining access to cPanel can control everything present in the hosting account, from websites and data to email. They can use the access to plant backdoors or web shells, redirect users to malicious locations, steal sensitive files, send spam or phishing emails, or collect passwords from configuration files.
WHM provides access to the entire server and all the websites it hosts. This means that a threat actor could create and delete cPanel accounts, establish persistent access on the machine, and use it for various malicious activities (e.g., proxy traffic, spam, malware delivery, botnet).
Website owners using the affected management interfaces should ensure that they have updated to a patched version.