A cPanel authentication bypass vulnerability (CVE-2026-41940) has been disclosed, affecting cPanel & WHM installations across multiple versions. The flaw allows attackers to bypass authentication mechanisms and gain unauthorized access to control panel interfaces — putting hosted websites, databases, and server configurations at risk.
watchTowr Labs, our dedicated vulnerability research and exploit development team, has assessed this cPanel & WHM vulnerability and confirmed its potential for exploitation in environments where these services are internet-exposed.
The watchTowr Labs Blog has a more detailed analysis of the vulnerability.
This analysis triggered our AI-Driven Rapid Reaction capability, allowing clients to determine their exposure and giving security teams the time they need to respond before exploitation begins.
If you need urgent help assessing exposure to the cPanel authentication bypass, contact watchTowr here.
What Is cPanel & WHM? (Affected Product Overview)
cPanel & WHM is a web-based control panel platform widely used by hosting providers, system administrators, and enterprises to manage web hosting accounts, domains, databases, and server configurations. The platform is critical infrastructure for many organizations that rely on web hosting services and provides administrative access to sensitive server resources – making any authentication bypass in cPanel a high-impact security event.
What Is the cPanel Authentication Bypass Vulnerability?
The cPanel authentication bypass vulnerability (CVE-2026-41940) allows attackers to circumvent normal authentication processes in cPanel & WHM installations. This class of vulnerability typically occurs when authentication logic contains flaws that allow access without valid credentials.
Successful exploitation could allow unauthorized users to access administrative interfaces, potentially leading to complete compromise of hosted websites, databases, and server configurations managed through the affected cPanel installation. Given cPanel’s prevalence across shared hosting environments, the blast radius of a successful exploit can extend to thousands of downstream sites per compromised server.
Affected cPanel & WHM Versions
| Product Name | Affected Versions |
|---|---|
| cPanel & WHM | Multiple versions (refer to vendor advisory) |
How To Mitigate the cPanel Authentication Bypass
- Identify all cPanel & WHM installations in your environment and determine their current versions
- Check the official cPanel security advisory for specific version information and patch availability for CVE-2026-41940
- Apply the security updates available from cPanel immediately
- Monitor access logs for suspicious authentication attempts or unauthorized access
- Consider implementing additional access controls or network restrictions for cPanel interfaces until patches are applied
Patched cPanel & WHM Versions
| Product Name | Patched Version(s) |
|---|---|
| cPanel & WHM | 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, 11.134.0.20; WP Squared 11.136.1.7 |
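The first mitigation step, checked against the patched builds in the table above, as an added example (not code from watchTowr or cPanel). It assumes that a build is compared only with the patched build of its own release tier, that a lower build in that tier still needs the update, and that a version reported without the leading `11.` belongs to the same scheme; the hostnames and installed versions are constructed.

```python
import re

# Patched builds copied from the table on this page (cPanel & WHM only;
# the WP Squared build is deliberately left out).
PATCHED = ["11.110.0.97", "11.118.0.63", "11.126.0.54",
           "11.132.0.29", "11.134.0.20", "11.136.0.5"]


def parse(version):
    """Turn '11.110.0.97' or '110.0.97' into a 4-tuple of ints, else None."""
    m = re.fullmatch(r"(?:(\d+)\.)?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return None
    parent, major, minor, build = m.groups()
    # Assumption: a three-part version omits the leading "11.".
    return (int(parent or 11), int(major), int(minor), int(build))


# Release tier (first three components) -> lowest patched build number.
FLOOR = {p[:3]: p[3] for p in map(parse, PATCHED)}


def classify(version):
    """Return 'patched', 'needs-update', 'unknown-tier' or 'unparseable'."""
    v = parse(version)
    if v is None:
        return "unparseable"
    floor = FLOOR.get(v[:3])
    if floor is None:
        # Tier is not in the page's table: do not guess, check the vendor advisory.
        return "unknown-tier"
    return "patched" if v[3] >= floor else "needs-update"


def triage(inventory):
    """Turn {host: version} into (host, version, status) rows, worst first."""
    order = ["needs-update", "unknown-tier", "unparseable", "patched"]
    rows = [(h, v, classify(v)) for h, v in inventory.items()]
    return sorted(rows, key=lambda r: (order.index(r[2]), r[0]))


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"web01.example.test": "11.110.0.96", "web02.example.test": "11.136.0.5",
              "web03.example.test": "11.128.0.12", "web04.example.test": "118.0.63",
              "web05.example.test": "n/a"}
    for host, ver, status in triage(sample):
        print(f"{host:22} {ver:14} {status}")
```

Hosts reported as `unknown-tier` are on a release line the table does not list, so their status has to come from the vendor advisory rather than from this comparison.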
How watchTowr Helps You Respond to the cPanel Vulnerability
The watchTowr Platform delivers Preemptive Exposure Management, identifying, validating, and tracking external exposure across enterprise environments.
- watchTowr Instinct: assessed the cPanel authentication bypass vulnerability as high-likelihood for in-the-wild exploitation, in real time, as the vulnerability was disclosed
- Adversary Sight engine: identified cPanel & WHM instances across client environments and assessed exposure
- Automated Red Teaming engine: validated exploitability of affected instances using real-world attacker tactics and techniques
- Rapid Reaction: was leveraged across the watchTowr client base to identify exposure to this vulnerability and give teams the time they need to act
- Active Defense: released targeted network-level mitigations to clients, enabling immediate risk reduction while permanent fixes are applied
When exploitation happens in hours, watchTowr delivers what no one else can: time to respond. Request a demo to see how Rapid Reaction protects your environment from emerging threats like CVE-2026-41940, the cPanel authentication bypass vulnerability.