cPanel Authentication Bypass Vulnerability
2026-05-10 15:59 | Severity: CRITICAL / HIGH
Executive Summary (AI-generated)
CVE-2026-41940 is an authentication bypass in the login flow of cPanel & WHM that lets unauthenticated remote attackers gain access to the control panel. It affects all supported cPanel and WHM versions released after 11.40, plus WP Squared, and carries a CVSS score of 9.8. It was exploited in the wild as a zero-day for roughly two months before WebPros shipped an urgent patch on 28 April 2026, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added it to its Known Exploited Vulnerabilities (KEV) catalog. Separately, on 10 May 2026 cPanel fixed three further flaws (CVE-2026-29201, CVE-2026-29202 and CVE-2026-29203) that could allow attackers to read arbitrary files, execute code and escalate privileges; those fixes shipped in cPanel & WHM 11.136.0.9, 11.134.0.25, 11.132.0.31 and newer builds.
Technical Mitigations (AI-generated)
* Patch first: update cPanel & WHM to the fixed build for its branch with the cPanel update script (/scripts/upcp --force), confirm the build version reported afterwards, and restart; WP Squared needs 136.1.7 or later. Unsupported and EoL versions are also affected and must be migrated to a supported branch.
* Until the patch is on, remove the attack surface rather than hardening the login: CVE-2026-41940 is a pre-authentication bypass of the login flow, so strong passwords and multi-factor authentication do not stop it (keep them for defence in depth). Block inbound TCP 2083, 2087, 2095 and 2096 at the firewall (the advisory's list; cpsrvd also answers on the non-TLS ports 2082 and 2086 where those are still reachable), or stop cpsrvd and cpdavd.
* Hunt for compromise, not just exposure: in-the-wild exploitation predates the patch by weeks, so run cPanel's detection script over /var/cpanel/sessions/raw/ and treat any of its indicators (a password field containing newlines, tfa_verified without a valid origin, authenticated attributes on a pre-authenticated session) as evidence the host was hit before it was patched; use watchTowr's Detection Artifact Generator to confirm a host is no longer vulnerable.
* Restrict and monitor: keep /var/cpanel/sessions/raw/ and other session and credential stores unreadable by customer accounts and scripts, review cPanel's access and login logs for logins from unexpected sources, and alert on sessions that become authenticated without a matching successful login.
* Segment the management plane: keep WHM/cPanel ports reachable only from administrative networks or an allow-list, and separate hosting control-plane hosts from other sensitive systems so a compromised panel cannot be used for lateral movement.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-41940 (authentication bypass, CVSS 9.8, exploited as a 0-day)
CVE-2026-29201 (arbitrary file read, CVSS 4.3)
CVE-2026-29202 (create_user API, CVSS 8.8)
CVE-2026-29203
Target & Sectors
Global Scope
Incident Timeline
late February 2026
Threat actors begin exploiting CVE-2026-41940, then an unknown (zero-day) authentication bypass, against several hosting providers; servers were compromised roughly two months before any patch existed.
28 April 2026
WebPros releases an urgent patch for CVE-2026-41940 across all supported cPanel & WHM branches.
"That means servers got compromised two months before an urgent patch was released by cPanel developer WebPros International L.L.C. on 28 April 2026."
29 April 2026
Public reporting confirms CVE-2026-41940 is being exploited in the wild; hosting providers, KnownHost among them, report successful exploits observed before any fix was available.
30 April 2026
CISA adds CVE-2026-41940 to its Known Exploited Vulnerabilities catalog.
3 May 2026
Deadline for Federal Civilian Executive Branch agencies to apply the patches under the KEV listing.
"The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add CVE-2026-41940 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patches by May 3, 2026."
MITRE ATT&CK: T1588.006 (Obtain Capabilities: Vulnerabilities)
10 May 2026
cPanel fixes three further flaws (CVE-2026-29201, CVE-2026-29202, CVE-2026-29203) that could allow file reads, code execution and privilege escalation.
New cPanel vulnerabilities could allow file access and remote code execution: cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. Separately, cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software.
Cybersecurity researchers at watchTowr Labs reported that critical authentication bypass in cPanel and WHM (Web Host Manager), a software suite used to manage over 70 million websites globally. The flaw, in one of the most widely deployed web hosting control panel platforms on the internet, is being actively exploited in the wild, according to security researchers and hosting providers.
“Therefore, we’re releasing our Detection Artifact Generator to enable defenders to identify vulnerable hosts in their estates,” watchTowr wrote.
CVE-2026-41940 is an authentication bypass flaw affecting cPanel and WHM versions after 11.40. It affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as well as WP Squared, a WordPress hosting management panel built on the cPanel platform; the problem affects all currently supported versions, according to an alert published by WebPros on Tuesday, 28 April 2026.
"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel," according to the description of the flaw in NIST's National Vulnerability Database (NVD).
Pierluigi Paganini (SecurityAffairs) reported the three flaws fixed on 10 May 2026: CVE-2026-29201, CVE-2026-29202 and CVE-2026-29203. Descriptions for two of them:
CVE-2026-29201 (CVSS score of 4.3): an input validation issue in the feature::LOADFEATUREFILE adminbin call that could let attackers read arbitrary files on the server.
CVE-2026-29202 (CVSS score of 8.8): a high-severity flaw in the create_user API caused by improper validation of the plugin parameter.
Although there is currently no evidence of active exploitation of these three, the disclosure comes shortly after threat actors weaponized another critical cPanel flaw, tracked as CVE-2026-41940, as a zero-day to deploy Mirai botnet variants.
Flaw Now Tracked as CVE-2026-41940; Exploited as 0-Day
The authentication bypass vulnerability has been assigned the CVE identifier CVE-2026-41940 and carries a CVSS score of 9.8 out of 10.0. The risk is unmistakable given that it affects all cPanel versions, even EoL (End-of-Life) releases.
In its own advisory for the vulnerability, Rapid7 said CVE-2026-41940 is caused by a Carriage Return Line Feed (CRLF) injection in the login and session loading processes of cPanel and WHM, allowing an attacker to gain unauthorized administrative access to the affected systems. Before authentication occurs, `cpsrvd` (the cPanel service daemon) writes a new session file to the disk.
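To make that mechanism concrete, the following is an added toy model written for this page; it is not cPanel's code and not Rapid7's analysis. The session-file layout (one key=value per line), the field names, and the assumption that the daemon writes its own flags before the raw form fields are all mine. It shows how a newline inside one login-form field becomes extra records when the session is reloaded from disk, and the single check that closes the hole.

```python
"""Toy model of the CRLF-injection bug class Rapid7 describes for
CVE-2026-41940.  Added example, not cPanel's code: the one-key=value-per-line
session format, the field names and the write ordering are assumptions
chosen to show why persisting attacker-controlled input into a session
record before authentication is dangerous."""

CRLF = ("\r", "\n")


class CRLFInjection(ValueError):
    """Raised by the hardened writer when a client value carries CR or LF."""


def load_session(raw: str) -> dict:
    """Parse a session record.  A later duplicate key overrides an earlier
    one (assumed loader behaviour, and the reason smuggled lines win)."""
    session = {}
    for line in raw.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            session[key] = value
    return session


def write_preauth_session_vulnerable(user: str, password: str) -> str:
    """Vulnerable writer: daemon flags first, then the raw form fields.
    A password like "x\\nauthenticated=1" therefore appends records the
    loader cannot tell apart from the daemon's own."""
    fields = {"authenticated": "0", "tfa_verified": "0",
              "user": user, "pass": password}
    return "".join(f"{k}={v}\n" for k, v in fields.items())


def write_preauth_session_hardened(user: str, password: str) -> str:
    """Hardened writer: refuse any client value containing CR or LF before
    it reaches the record, so one form field can never become two."""
    for name, value in (("user", user), ("pass", password)):
        if any(c in value for c in CRLF):
            raise CRLFInjection(f"control character in {name!r}")
    fields = {"authenticated": "0", "tfa_verified": "0",
              "user": user, "pass": password}
    return "".join(f"{k}={v}\n" for k, v in fields.items())


def is_authenticated(session: dict) -> bool:
    """What the daemon trusts when it later reloads the session from disk."""
    return (session.get("authenticated") == "1"
            and session.get("tfa_verified") == "1")


def login_outcome(writer, user: str, password: str) -> str:
    """Run one login attempt through a writer and report what the reloaded
    session claims; note that the password itself is never verified."""
    try:
        raw = writer(user, password)
    except CRLFInjection:
        return "rejected"
    return "bypassed" if is_authenticated(load_session(raw)) else "unauthenticated"


# Constructed attacker input: a newline inside the password field smuggles
# two extra key=value lines into the pre-auth session record.
SMUGGLED_PASSWORD = "x\nauthenticated=1\ntfa_verified=1"

if __name__ == "__main__":
    for name, writer in (("vulnerable", write_preauth_session_vulnerable),
                         ("hardened", write_preauth_session_hardened)):
        print(f"{name:>10}: benign={login_outcome(writer, 'root', 'hunter2')}, "
              f"crlf={login_outcome(writer, 'root', SMUGGLED_PASSWORD)}")
```

The point the model makes is that the loader is not at fault: it faithfully reads what is on disk. Once untrusted bytes can terminate a record, any flag the daemon stores in the same file is attacker-controlled, which is why cPanel's indicators of compromise look for newlines in the password field and for authenticated attributes on sessions that never passed a login.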
Update Details
The issue has been addressed in the following cPanel & WHM builds; within a branch, any build below the listed number is vulnerable:
86.0.x (legacy branch for CentOS 6 / CloudLinux 6 systems): 11.86.0.41
110.0.x: 11.110.0.97
118.0.x: 11.118.0.63
126.0.x: 11.126.0.54
130.0.x: 11.130.0.19
132.0.x: 11.132.0.29
134.0.x: 11.134.0.20
136.0.x: 11.136.0.5
That covers seven supported branches from 11.110.0 through 11.136.0 plus the legacy 11.86 branch. Updates were also released for WP Squared, the WordPress hosting management panel built on the cPanel platform: in an update to its advisory, cPanel said patches have also been pushed to WP Squared version 136.1.7 (the 11.136.1 branch).
"If your server is not running a supported version of cPanel that is eligible for this update, it is highly recommended that you work toward updating your server as soon as possible, as it may also be affected," cPanel noted.
The three further flaws disclosed on 10 May 2026 (CVE-2026-29201, CVE-2026-29202, CVE-2026-29203) have been patched across multiple supported cPanel & WHM releases, including versions 11.136.0.9, 11.134.0.25, 11.132.0.31, and newer builds.
The watchTowr team also released a Detection Artifact Generator on GitHub that defenders can use to verify whether a host remains vulnerable.
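To turn the version lists above into a fleet check, here is an added example (mine, not cPanel's tooling) that reads a version string such as the contents of /usr/local/cpanel/version and classifies it against the fixed build for its branch. The cut-over rule (below the listed build is vulnerable, at or above it is fixed), the handling of EoL branches and the verdict labels are assumptions; the fixed builds are the ones quoted above.

```python
"""Decide whether a cPanel & WHM build is at or above the fixed release for
its branch.  Added example, not cPanel's tooling: the fixed builds are the
ones listed in the advisory text, and the assumption is that within a branch
every build below the listed number is vulnerable and every build at or
above it is fixed.  Feed it the contents of /usr/local/cpanel/version."""

# Minimum fixed build per branch for CVE-2026-41940, keyed by branch number
# (the second component of the 11.x.y.z version string).
FIXED_CVE_2026_41940 = {
    86: (11, 86, 0, 41),     # legacy branch for CentOS 6 / CloudLinux 6
    110: (11, 110, 0, 97),
    118: (11, 118, 0, 63),
    126: (11, 126, 0, 54),
    130: (11, 130, 0, 19),
    132: (11, 132, 0, 29),
    134: (11, 134, 0, 20),
    136: (11, 136, 0, 5),
}

# Fixed builds named for the 10 May 2026 trio (CVE-2026-29201/29202/29203).
# Only three branches are named in the reporting, so other branches are
# reported as not listed rather than assumed fixed.
FIXED_MAY_2026_TRIO = {
    132: (11, 132, 0, 31),
    134: (11, 134, 0, 25),
    136: (11, 136, 0, 9),
}


def parse_version(text: str) -> tuple:
    """Parse '11.136.0.5' (or the short '136.0.5' form) into a comparable
    tuple; raise on anything that is not a four-component cPanel version."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) == 3:
        parts = [11] + parts
    if len(parts) != 4 or parts[0] != 11:
        raise ValueError(f"unrecognised cPanel version: {text!r}")
    return tuple(parts)


def assess(text: str, fixed: dict = FIXED_CVE_2026_41940) -> str:
    """Classify one version string against a fixed-build table."""
    version = parse_version(text)
    branch = version[1]
    if branch in fixed:
        return "fixed" if version >= fixed[branch] else "vulnerable"
    if branch in FIXED_CVE_2026_41940:
        return "not-listed"          # supported branch, no fix named in this table
    if branch > max(FIXED_CVE_2026_41940):
        return "newer-than-table"    # released after this advisory; check cPanel's notes
    return "eol-no-fix"              # unsupported branch: affected, no build to move to


def assess_host(text: str) -> dict:
    """Both advisories at once, the way an inventory sweep would run it."""
    return {
        "CVE-2026-41940": assess(text, FIXED_CVE_2026_41940),
        "CVE-2026-29201/29202/29203": assess(text, FIXED_MAY_2026_TRIO),
    }


if __name__ == "__main__":
    import sys
    # Usage (hypothetical file name): python3 check_cpanel_version.py < /usr/local/cpanel/version
    for name, verdict in assess_host(sys.stdin.read()).items():
        print(f"{name}: {verdict}")
```

Run it against every host rather than trusting auto-update: the exposure counts further down (Eye Security's two million internet-facing instances, Rapid7's 1.5 million via Shodan) come with the caveat that nobody knows how many of them have auto-update enabled, and a host on an EoL branch gets no build to move to at all.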
The Cybersecurity and Infrastructure Security Agency added the CVE to its Known Exploited Vulnerabilities (KEV) list on Thursday, 30 April 2026.
cPanel has also released security updates to fix three further vulnerabilities affecting cPanel & WHM that could allow attackers to read files, execute code, or escalate privileges on vulnerable systems.
“According to cPanel, this vulnerability affects – and we cannot stress this enough – all currently supported versions of cPanel & WHM,” watchTowr wrote of CVE-2026-41940. “As we stated above, in-the-wild exploitation has already begun, according to KnownHost.”
cPanel has urged customers to perform the following actions:
* Update the server to one of the fixed versions listed above immediately via the cPanel update script (/scripts/upcp --force)
* Verify and confirm the cPanel build version being returned and perform a restart
As mitigations until a patch can be applied, the company suggests the following steps:
* Block inbound traffic on ports 2083, 2087, 2095, and 2096 at the firewall, or
* Stop cpsrvd and cpdavd
Reports on Reddit indicate that the vulnerability has been under active exploitation as a zero-day, with KnownHost CEO Daniel Pearson noting that "this has absolutely been used in the wild, and has been seen at least for the last 30 days if not longer." KnownHost, a hosting provider that relies on cPanel, said earlier in the week that successful exploits had been observed in the wild prior to any fix being made available.
According to the Shadowserver Foundation, thousands of instances may be exposed. Hosting providers reacted in kind: hosting.com, Namecheap, KnownHost, HostPapa, InMotion "and the rest all pulled the emergency brake because the alternative was watching their entire customer base get owned in real-time." The Namecheap Support Team said the fix had been applied to its Reseller and Stellar Business servers and the rest of its fleet.
cPanel has released a detection script to look for indicators of compromise in session records:
* Session has both token_denied AND cp_security_token and method=badpass origin
* Pre-authenticated session with authenticated attributes
* Any session with tfa_verified but no valid origin
* Password field containing newlines
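The four indicators above can be expressed as a small hunt over session records. The following is an added example, not cPanel's detection script: it assumes the one-key=value-per-line layout under /var/cpanel/sessions/raw/, that origin is a comma-separated list of key=value pairs carrying the login method, that preauth=1 marks a pre-authenticated session, and that the form password lands in a pass key. It also adds a duplicate-key fingerprint of its own, because a newline that has already split the record shows up on disk as repeated keys rather than as a newline inside the password value.

```python
"""Hunt over cPanel-style session records for the four indicators cPanel's
detection script looks for.  Added example, not cPanel's script: the
session-file layout (one key=value per line under /var/cpanel/sessions/raw/),
the key names and the meaning of the 'origin' field are assumptions taken
from the indicator wording; map them onto what your hosts actually write
before trusting a clean result."""

from pathlib import Path

# Attributes that should only exist once a login succeeded (assumed names).
AUTHENTICATED_ATTRIBUTES = {"authenticated", "successful_external_auth_with_timestamp"}


def parse_session(raw: str) -> tuple:
    """Return (session dict, keys seen more than once).  A repeated key is
    how smuggled lines look on disk once the newline has split the record."""
    session, seen, dupes = {}, set(), []
    for line in raw.splitlines():
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in seen:
            dupes.append(key)
        seen.add(key)
        session[key] = value
    return session, dupes


def origin_method(session: dict):
    """'origin' is assumed to look like 'method=handle_form_login,app=cpaneld';
    return the method, or None when there is no usable origin."""
    for pair in session.get("origin", "").split(","):
        if pair.startswith("method="):
            return pair[len("method="):]
    return None


def indicators(session: dict, dupes=()) -> list:
    """Apply cPanel's four published indicators, plus the duplicate-key
    fingerprint, to one parsed session and return the ones that fire."""
    hits = []
    method = origin_method(session)
    if ("token_denied" in session and "cp_security_token" in session
            and method == "badpass"):
        hits.append("token_denied+cp_security_token with method=badpass origin")
    if session.get("preauth") == "1" and AUTHENTICATED_ATTRIBUTES.intersection(session):
        hits.append("pre-authenticated session carrying authenticated attributes")
    if "tfa_verified" in session and method in (None, "badpass"):
        hits.append("tfa_verified without a valid origin")
    if any(c in session.get("pass", "") for c in "\r\n"):
        hits.append("password field contains newline")
    if dupes:
        hits.append("duplicate keys: " + ",".join(sorted(set(dupes))))
    return hits


def scan_directory(path) -> dict:
    """Walk a sessions directory (run as root) and return {filename: hits}
    for every record that fires at least one indicator."""
    findings = {}
    for f in sorted(Path(path).iterdir()):
        if f.is_file():
            hits = indicators(*parse_session(f.read_text(errors="replace")))
            if hits:
                findings[f.name] = hits
    return findings


# Constructed sample records for a dry run; not captures from a real host.
SAMPLES = {
    "clean": "user=alice\norigin=method=handle_form_login,app=cpaneld\n"
             "successful_external_auth_with_timestamp=1777000000\n",
    "badpass_token": "user=root\ntoken_denied=1\ncp_security_token=abc\n"
                     "origin=method=badpass,app=whostmgrd\n",
    "preauth_flags": "preauth=1\nuser=root\nauthenticated=1\n",
    "tfa_no_origin": "user=root\ntfa_verified=1\n",
    "smuggled": "authenticated=0\ntfa_verified=0\nuser=root\npass=x\n"
                "authenticated=1\ntfa_verified=1\norigin=method=handle_form_login\n",
}


def scan_samples() -> dict:
    """Same logic as scan_directory, over the constructed records."""
    findings = {}
    for name, raw in SAMPLES.items():
        hits = indicators(*parse_session(raw))
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name}: {'; '.join(hits)}")
```

Point scan_directory at /var/cpanel/sessions/raw/ on a suspect host. A clean run is only as good as the assumed key names, so validate the mapping against a record that cPanel's own script has already flagged before treating silence as absence of compromise.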
"Compromise of cPanel is materially different from the compromise of a single customer website.
In a post shared on LinkedIn, Eye Security said it identified over 2 million cPanel instances connected to the internet, although it's currently not known how many of those have auto-update enabled and are vulnerable to the flaw. Internet scans conducted by security firm Rapid7 using the Shodan search engine identified approximately 1.5 million cPanel instances exposed online, though the precise number of vulnerable systems remains unknown.
"Let's call this what it is: an unauthenticated authentication bypass in cPanel and WHM, a management-plane solution deployed on tens of thousands of servers and sitting in front of a meaningful chunk of the internet," Benjamin Harris, CEO and founder of watchTowr, told The Hacker News.
Breaking the login system
This issue is classified as a Missing Authentication for Critical Function weakness (CWE-306) in cpsrvd, the cPanel service daemon that handles logins; Rapid7's advisory describes the underlying mechanism as CRLF injection into the session record that cpsrvd writes before authentication completes.
Update Details
If you manage a server, check your software version immediately. See also watchTowr's demo. watchTowr separately released a "Detection Artifact Generator" that administrators can use to verify whether their instances remain vulnerable.
Intelligence Sources
The Hacker News, 2026-04-29
CyberScoop, 2026-04-30
HackRead, 2026-05-01
Security Affairs, 2026-05-10
Incident Version History
CURRENT VERSION
Last Updated: 2026-05-11T10:30