CISA Alerts on cPanel & WHM Flaw Actively Exploited in Attacks

CISA has issued a warning about a newly identified vulnerability in WebPros cPanel & WHM that is actively being exploited in cyberattacks.

The flaw, tracked as CVE-2026-41940, affects both cPanel & WHM and WP2 (WordPress Squared), two widely used web hosting management platforms.

Vulnerability Overview

The vulnerability is classified as a missing authentication issue, mapped to CWE-306. It exists in the login flow of the affected systems and allows remote attackers to bypass authentication entirely.

This means an attacker does not need valid credentials to access the control panel.

Once exploited, threat actors can gain unauthorized administrative access, potentially leading to full compromise of hosted websites, databases, and server configurations.

The vulnerability impacts:

• WebPros cPanel & WHM
• WP2 (WordPress Squared)

These platforms are commonly used by hosting providers and enterprises to manage websites, email services, and server operations, making the vulnerability particularly critical in shared hosting environments.

CISA added CVE-2026-41940 to its Known Exploited Vulnerabilities (KEV) catalog on April 30, 2026, confirming active exploitation.

While there is currently no confirmed link to ransomware campaigns, the nature of the flaw makes it highly attractive to attackers.

Unauthorized access to hosting control panels can allow attackers to:

• Deploy malicious scripts or web shells
• Deface or take down websites
• Exfiltrate sensitive data
• Pivot to other systems within the hosting environment

The lack of authentication significantly lowers the barrier for exploitation, increasing the risk of widespread attacks.

Under Binding Operational Directive (BOD) 22-01, U.S. federal agencies are required to address this vulnerability by May 3, 2026.

Although the directive applies specifically to federal systems, CISA strongly urges all organizations to take immediate action.

Recommended steps include:

• Apply vendor-provided patches or mitigations immediately
• Follow secure configuration practices for cloud-hosted environments
• Monitor systems for suspicious login or administrative activity
• Disconnect or discontinue use of affected products if fixes are unavailable

This vulnerability highlights ongoing risks in web hosting infrastructure, where a single flaw can expose multiple websites and services.

Authentication bypass issues are particularly dangerous because they eliminate the need for credential theft or brute-force attacks.

Organizations relying on cPanel & WHM should treat this issue as critical and assume potential compromise if systems remain unpatched.

The inclusion of CVE-2026-41940 in CISA’s KEV catalog signals a high level of urgency. With active exploitation already observed, organizations must prioritize remediation to prevent unauthorized access and potential large-scale compromise.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post CISA Alerts on cPanel & WHM Flaw Actively Exploited in Attacks appeared first on Cyber Security News.