TTPwire Vol. 1 · MITRE ATT&CK·Tagged

NetSPI

CVE-2026-41940 cPanel & WHM Authentication Bypass Overview and Takeaways

Emily Hinderaker · 4 days ago

ATT&CK techniques detected

4 predictions

T1190 Exploit Public-Facing Application (94%)
“…, 2077, 2078) to trusted IP ranges only. These interfaces should never be exposed to the public internet. NetSPI product and services coverage: NetSPI’s External Attack Surface Management service has released detections for this vulnerability. Detection name: Vulnerable versio…”

T1190 Exploit Public-Facing Application (67%)
“CVE-2026-41940 cPanel & WHM Authentication Bypass Overview and Takeaways. cPanel has disclosed a critical authentication bypass vulnerability affecting cPanel & WHM and WP Squared, tracked as CVE-2026-41940 (CVSS 9.8). The flaw allows a remote, unauthenticated attacker …”

T1190 Exploit Public-Facing Application (57%)
“…do? We recommend the following steps to identify and remediate this vulnerability: Review and audit: identify all cPanel & WHM and WP Squared instances within your environment. Confirm installed versions against the list above. Check whether auto-update is enabled and confirm p…”

T1068 Exploitation for Privilege Escalation (32%)
“CVE-2026-41940 cPanel & WHM Authentication Bypass Overview and Takeaways. cPanel has disclosed a critical authentication bypass vulnerability affecting cPanel & WHM and WP Squared, tracked as CVE-2026-41940 (CVSS 9.8). The flaw allows a remote, unauthenticated attacker …”

Summary

cPanel has disclosed a critical authentication bypass vulnerability affecting cPanel & WHM and WP Squared, tracked as CVE-2026-41940 (CVSS 9.8). The flaw allows a remote, unauthenticated attacker to gain root-level administrative access by injecting arbitrary values into a server-side session file, effectively bypassing all credential checks.