Skip to content
← Browse CVEs

CVE-2026-41940

Critical · CVSS 9.8EPSS 90.5%CISA KEVCWE-306 · Missing Authentication for Critical Function

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

References

NVD MITRE CVE.org CISA KEV

Published

Community ground truth

Community verdict

3 verdicts
Not a real issue

to add your verdict.

Community real-world severity: Critical (Critical 3) — CVSS base score 9.8

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.