HIGHVulnerability
Verified
Global

CISA KEV: WebPros cPanel & WHM and WP2 (WordPress Squared) — WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

·Source: CISA KEV

Updated:

Executive Summary

WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Analysis

WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. Added to CISA Known Exploited Vulnerabilities catalog on 2026-04-30. Remediation due: 2026-05-03.

Indicators of Compromise (1)

CVE (1)
CVE-2026-41940
NVDMITRE CVE
Source Attribution

Originally published by CISA KEV on Apr 30, 2026. Verified by: CISA.

Related Threats

MEDIUMVulnerabilityNEW

NMI acquires Dwolla

Embedded payments firm NMI has acquired API-first account-to-account transaction vendor Dwolla.

Finextra
MEDIUMVulnerabilityNEW

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover

The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information. The post Unpatched ChromaDB Vulnerability Can Lead to Server Takeover appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

CaixaBank launches a carbon credit trading platform to help clients offset their emissions

CaixaBank CIB has launched a carbon credit trading platform, a tool designed to make it easier for corporate clients and businesses to voluntarily offset CO2 emissions.

Finextra