Black & White Path

May 1, 2026 · Information Security

Deep Dive into cPanel/WHM Auth Bypass Vulnerability (CVE‑2026‑41940)

watchTowr Labs discovered a critical authentication bypass in all supported cPanel & WHM versions (CVE‑2026‑41940) that allows remote attackers to inject session files via crafted HTTP requests, gain root access, and has been observed in the wild; the article details the flaw, exploitation chain, impact, and mitigation steps.