(rapid7.com) Critical Authentication Bypass Vulnerability in cPanel & WHM and WP Squared (CVE-2026-41940): Exploitation and Mitigation
Critical zero-day authentication bypass (CVE-2026-41940, CVSS 9.8) in cPanel & WHM and WP Squared is actively exploited in the wild. Unauthenticated attackers gain administrative access through CRLF injection in session handling. Patch immediately; 1.5M instances are exposed.
In brief - A severe authentication bypass flaw in cPanel & WHM/WP Squared (CVE-2026-41940) allows unauthenticated remote attackers to gain admin access. Exploitation is confirmed, with 1.5M systems at risk. Patching is urgent.
Technically - CVE-2026-41940 stems from a CRLF injection in the `cpsrvd` daemon’s session file handling. Attackers manipulate the `whostmgrsession` cookie via crafted basic auth headers to inject `user=root` into session files, bypassing authentication. Affects cPanel & WHM 11.110.0–11.136.0 and WP Squared 11.136.1. PoC exploit published; no effective workarounds.
Source: https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass
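To make the mechanism concrete, here is an added illustrative model of the CRLF-injection class the advisory describes, written for this page. It is not cPanel's code and does not reproduce the real exploit: a toy session store serialises `user=<name>` as one line of a key=value file, a naive parser lets a later `user=` line win, and a username smuggled through a Basic Authorization header carries CR/LF followed by `user=root`. The function names, the `role=customer` field and the allowlist pattern in the hardened writer are assumptions, as is the constructed attack input.

```python
import base64
import re
from typing import Callable, Dict, Optional

# Constructed toy model, added for this page, of the CRLF-injection class
# described in the advisory. NOT cPanel's code; field names are assumptions.

USERNAME_OK = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed allowlist


def basic_header(user: str, password: str) -> str:
    """Build an HTTP Basic Authorization header value (constructed input)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic_auth(header: str) -> str:
    """Return the username carried in a Basic Authorization header value."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not Basic auth")
    decoded = base64.b64decode(blob).decode("utf-8", errors="replace")
    user, _, _password = decoded.partition(":")
    return user


def write_session_vulnerable(user: str) -> str:
    """Serialise the session as key=value lines without validating `user`.
    A CR/LF inside `user` terminates its line early, so whatever follows
    becomes a fresh key=value line in the file."""
    return f"user={user}\nrole=customer\n"


def write_session_hardened(user: str) -> str:
    """Same layout, but refuse any username that is not a plain token;
    this rejects CR, LF and every other control character."""
    if not USERNAME_OK.fullmatch(user):
        raise ValueError("invalid username")
    return f"user={user}\nrole=customer\n"


def parse_session(blob: str) -> Dict[str, str]:
    """Naive line-oriented parser: one key=value per line, last key wins."""
    fields: Dict[str, str] = {}
    for line in blob.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def effective_user(header: str, writer: Callable[[str], str]) -> Optional[str]:
    """Run a login header through `writer` and report who the stored session
    says it belongs to. Returns None when the writer rejects the credential."""
    try:
        blob = writer(parse_basic_auth(header))
    except ValueError:
        return None
    return parse_session(blob).get("user")


# Constructed attack input: the "username" smuggles a second user= line.
MALICIOUS_HEADER = basic_header("guest\r\nuser=root", "anything")
BENIGN_HEADER = basic_header("alice", "s3cret")

if __name__ == "__main__":
    print("vulnerable:", effective_user(MALICIOUS_HEADER, write_session_vulnerable))  # root
    print("hardened:  ", effective_user(MALICIOUS_HEADER, write_session_hardened))    # None
    print("benign:    ", effective_user(BENIGN_HEADER, write_session_hardened))       # alice
```

The point of the model is where the fix belongs: any value derived from a request header must be validated (or escaped) before it is serialised into a line-oriented store, because the store's own parser cannot tell an injected line from a legitimate one. Rejecting duplicate keys or control characters in the parser is a useful second layer, but it is not a substitute for the patch the advisory calls for.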
-
relay@relay.infosec.exchange shared this topic