CVE-2026-41940

vulnerabilities 2026-04-29
cPanel & WHM CVE-2026-41940: Critical Auth Bypass Triggers Global Hosting Lockdown
An unauthenticated CRLF-injection auth bypass in cPanel & WHM (CVSS 9.8) sent every major hosting provider into emergency port-blocking mode within hours of disclosure. All supported release tracks are affected.
cpanel whm authentication-bypass CVE-2026-41940 web-hosting shared-hosting

cPanel & WHM CVE-2026-41940: Critical Auth Bypass Triggers Global Hosting Lockdown