EXECUTIVE SUMMARY:
CVE-2026-41940 with a CVSS score of 9.8 is a critical authentication bypass vulnerability in cPanel and WHM affecting all versions after v11.40. The flaw exploits CRLF injection in the login and session-loading processes, allowing an unauthenticated attacker to manipulate the whostmgrsession cookie and gain full root-level administrative access without valid credentials. An attacker can exploit this vulnerability through a web-based attack vector, requiring no prior access or authentication. By leveraging this vulnerability, an attacker gains full administrative access to the affected system, enabling them to perform a wide range of malicious activities, including data exfiltration, system compromise, and potentially even lateral movement within the network. If exploited, this vulnerability can have significant business consequences, including the loss of sensitive data, compromised system integrity, and potential disruptions to critical business operations. Notably, exploitation of this vulnerability is possible even without valid credentials, and prerequisites for successful exploitation include the presence of a vulnerable cPanel or WHM version.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-41940 with a CVSS score of 9.8 is a critical authentication bypass vulnerability in cPanel and WHM affecting all versions after v11.40. The flaw exploits CRLF injection in the login and session-loading processes, allowing an unauthenticated attacker to manipulate the whostmgrsession cookie and gain full root-level administrative access without valid credentials. An attacker can exploit this vulnerability through a web-based attack vector, requiring no prior access or authentication. By leveraging this vulnerability, an attacker gains full administrative access to the affected system, enabling them to perform a wide range of malicious activities, including data exfiltration, system compromise, and potentially even lateral movement within the network. If exploited, this vulnerability can have significant business consequences, including the loss of sensitive data, compromised system integrity, and potential disruptions to critical business operations. Notably, exploitation of this vulnerability is possible even without valid credentials, and prerequisites for successful exploitation include the presence of a vulnerable cPanel or WHM version.[emaillocker id="1283"]
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/cpanel-vulnerability-exploited/