- New Critical Vulnerability Allows Authentication Bypass
- The vulnerability affects cPanel and WebHost Manager
- Attackers can gain full root administrator privileges on any server
watchTowr Labs researchers have analyzed a critical authentication bypass in cPanel and Web Host Manager (WHM) that allows remote attackers to gain full administrative access to the servers on which much of the Internet depends.
The vulnerability, tracked as CVE-2026-41940 and with a severity score close to 9.8, has been exploited in the wild, as confirmed by KnownHost.
A patch for the vulnerability has been released and administrators are urged to apply it immediately.
For those who don’t know, cPanel is a software layer that essentially acts as a website’s control panel. Instead of editing code, cPanel gives you the buttons that let you update some text or upload a file to a website. cPanel is also where your website design and data are stored. WHM, on the other hand, is what manages each website at the server level.
The crux of the vulnerability is that the attacker forges an authenticated session without requiring a password. This provides the attacker with root-level access to WHM and therefore access to all websites, databases, and user accounts hosted on that particular server.
From here, there are many options for an attacker. They could steal all your website and user data, upload malware, or simply delete everything on the server.
As explained by watchTowr Labs (in its characteristically quirky format), the exploit relies on the attacker using a CRLF (Carriage Return Line Feed) sequence to inject a new line into a cPanel log file; that injected line bypasses the session file encryption and establishes the attacker as root administrator, giving them access to the WHM admin panel and therefore to the server. (If you want an even more technical breakdown, check out the watchTowr Labs report.)
The patch for the vulnerability has also added a new ‘sanitization’ step that strips line-break characters from data sent to the server, preventing new lines from being injected in the first place.
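To make concrete why a single unsanitized line break is enough in a line-oriented file, and what the patch's stripping step prevents, here is an added illustration (not the page's or cPanel's code; the key=value file format and every name in it are constructed for this example):

```python
import re

# Constructed "key=value per line" record format; NOT cPanel's real session
# or log format, just enough to show the CRLF injection class and its fix.
LINE_BREAK_RE = re.compile(r"[\r\n]")

def write_record_unsafe(store: list, key: str, value: str) -> None:
    """Weak writer: the value goes in verbatim, so an embedded CR/LF
    ends the current line and whatever follows is parsed as a new record."""
    store.append(f"{key}={value}")

def sanitize(value: str) -> str:
    """Strip carriage-return and line-feed characters, which is what a
    'sanitization' step of this kind boils down to: one logical field can
    never end a physical line or start another one."""
    return LINE_BREAK_RE.sub("", value)

def validate(value: str) -> str:
    """Stricter alternative: reject the input outright so the attempt can be
    logged and alerted on instead of silently cleaned."""
    if LINE_BREAK_RE.search(value):
        raise ValueError("line break in field value")
    return value

def write_record_safe(store: list, key: str, value: str) -> None:
    """Hardened writer: sanitize before the value reaches the file."""
    store.append(f"{key}={sanitize(value)}")

def parse_records(store: list) -> dict:
    """Line-oriented reader, as a typical session/log parser would be:
    every physical line is its own key=value record."""
    records = {}
    for line in LINE_BREAK_RE.split("\n".join(store)):
        if "=" in line:
            key, value = line.split("=", 1)
            records[key] = value
    return records

if __name__ == "__main__":
    # Constructed input: a username field carrying a CRLF and a second record.
    tainted = "bob\r\nrole=root"
    unsafe, safe = [], []
    write_record_unsafe(unsafe, "user", tainted)
    write_record_safe(safe, "user", tainted)
    print(parse_records(unsafe))  # {'user': 'bob', 'role': 'root'}
    print(parse_records(safe))    # {'user': 'bobrole=root'}
```

The weak writer lets one field become two records, which is the whole bug class; the hardened writer (or the rejecting validator, which is what you want if you also care about detection) keeps it to one.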
For administrators, cPanel recommends upgrading to the following versions:
- cPanel and WHM 110.0.x – patched in 11.110.0.97 (previously 11.110.0.96)
- cPanel and WHM 118.0.x – patched in 11.118.0.63 (previously 11.118.0.61)
- cPanel and WHM 126.0.x – patched in 11.126.0.54 (previously 11.126.0.53)
- cPanel and WHM 132.0.x – patched in 11.132.0.29 (previously 11.132.0.27)
- cPanel and WHM 134.0.x – patched in 11.134.0.20 (previously 11.134.0.19)
- cPanel and WHM 136.0.x – patched in 11.136.0.5 (previously 11.136.0.4)
