{“lastseen”:””,”description”:”cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.”,”published”:”2026-04-29T15:10:37.899Z”,”modified”:”2026-04-29T15:10:37.899Z”,”type”:”cve”,”title”:”cPanel and WHM Authentication Bypass via Login Flow”,”source”:”VulnCheck”,”references”:”https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-cPanel-WHM-Security-Update-04-28-2026\\nhttps:\/\/docs.cpanel.net\/release-notes\/release-notes\\nhttps:\/\/docs.wpsquared.com\/changelogs\/versions\/changelog\/#13617\\nhttps:\/\/www.namecheap.com\/status-updates\/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026\\nhttps:\/\/www.vulncheck.com\/advisories\/cpanel-and-whm-authentication-bypass-via-login-flow”,”id”:”CVE-2026-41940″,”bulletinFamily”:””,”cwe”:[“CWE-306″],”cvelist”:null,”sourceData”:”cPanel, L.L.C. cPanel \\u0026 WHM 11.110.0\\ncPanel, L.L.C. cPanel \\u0026 WHM 11.118.0\\ncPanel, L.L.C. cPanel \\u0026 WHM 11.126.0\\ncPanel, L.L.C. cPanel \\u0026 WHM 11.132.0\\ncPanel, L.L.C. cPanel \\u0026 WHM 11.134.0\\ncPanel, L.L.C. cPanel \\u0026 WHM 11.136.0\\ncPanel, L.L.C. WP Squared 11.136.1″,”sourceHref”:””,”cvss”:{“score”:9.3,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”cPanel \\u0026 WHM”,”version”:”11.110.0″,”vendor”:”cPanel, L.L.C.”,”ai_description”:”Authentication bypass vulnerability in cPanel and WHM login flow”,”ai_severity”:”Critical”,”ai_vendor”:”cPanel, L.L.C.”,”ai_product”:”cPanel and WHM”,”ai_version”:”11.110.0, 11.118.0, 11.126.0, 11.132.0, 11.134.0, 11.136.0″,”ai_score”:9.3}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,55,12,13,7,11,5],"class_list":["post-50176","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n