Critical cPanel and WHM bug exploited as a zero-day, PoC now available

Thursday, April 30, 2026 at 11:40 AM UTC·Source: BleepingComputer

Updated: Thursday, April 30, 2026 at 05:46 PM UTC

Executive Summary

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. [...]

Analysis

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. [...]

Indicators of Compromise (1)

CVE (1)

CVE-2026-41940

NVD MITRE CVE

Source Attribution

Originally published by BleepingComputer on Apr 30, 2026.

Related Threats

CRITICALZero Day

Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking

The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek .

1h agoSecurityWeek

CRITICALZero Day

Ivanti warns of new EPMM flaw exploited in zero-day attacks

Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]

1h agoBleepingComputer

MEDIUMZero Day

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram account and too much free time. The worst part is how often this stuff

5h agoThe Hacker News