{"id":17106,"date":"2026-05-11T10:00:00","date_gmt":"2026-05-11T16:00:00","guid":{"rendered":"https:\/\/www.supportpro.com\/blog\/?p=17106"},"modified":"2026-05-10T21:39:46","modified_gmt":"2026-05-11T03:39:46","slug":"vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\/","title":{"rendered":"Vulnerability of cPanel &amp; WHM \/ WP2 (Security: CVE-2026-41940)"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">Overview of the Vulnerability<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This vulnerability in <strong>cPanel &amp; WHM<\/strong> is an <strong>authentication bypass flaw<\/strong> that can allow an attacker to gain full administrative access without requiring a valid username or password.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Under normal conditions, cPanel authentication follows a secure login flow. However, this vulnerability disrupts that process by allowing manipulated session data to be trusted by the system.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How cPanel Login Normally Works<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When a user logs into cPanel\/WHM, the following process takes place:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>User accesses the WHM\/cPanel login page<\/li>\n\n\n\n<li>Username and password are entered<\/li>\n\n\n\n<li>cPanel verifies the credentials<\/li>\n\n\n\n<li>A session file (temporary login ticket) is created<\/li>\n\n\n\n<li>The session is stored on the server<\/li>\n\n\n\n<li>All subsequent requests use this session for authentication<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">This ensures that only authenticated users can access administrative features.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Goes Wrong in This Vulnerability<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Due to the bug, an attacker is able to <strong>manipulate the session file 
during the login process<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instead of waiting for proper authentication, cPanel may incorrectly trust session data that has been altered before verification is completed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How the Attack Works<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">An attacker can send a specially crafted request containing <strong>modified or fake session parameters<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">By inspecting login requests using browser developer tools (Network tab), the attacker can alter outgoing requests before they reach the server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example Scenario<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Normal Request:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>user=admin<br>pass=wrongpassword<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Modified Malicious Request:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>user=admin<br>pass=wrongpassword<br>cp_security_token=\/cpsess99999999<br>successful_external_auth_with_timestamp=1<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">Note: This is only a conceptual example for understanding the issue.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">What the Attacker Achieves<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No need to know the actual password<\/li>\n\n\n\n<li>Injects fake authentication-related parameters<\/li>\n\n\n\n<li>Sends a modified request to the server<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">cPanel then incorrectly processes these values and may treat the session as authenticated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Root Cause of the Issue<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The vulnerability occurs because:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The attacker injects a fake token into the login 
request<\/li>\n\n\n\n<li>cPanel writes this data into the session file too early<\/li>\n\n\n\n<li>The session file is then used for validation<\/li>\n\n\n\n<li>cPanel mistakenly trusts the manipulated session data<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">In Simple Terms:<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">cPanel trusted session data that was influenced by attacker-controlled input before authentication was completed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fixed Versions Released by cPanel<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The issue has been patched in the following versions:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>11.86.0.41<br>11.110.0.97<br>11.118.0.63<br>11.126.0.54<br>11.130.0.19<br>11.132.0.29<br>11.136.0.5<br>11.134.0.20<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">If your system is running any of these versions, the vulnerability is considered fixed. Older versions may still be at risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Required Actions (Update Process)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To secure your server, update cPanel using:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/scripts\/upcp --force<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Verify Update Status<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/local\/cpanel\/cpanel -V<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Restart cPanel Service<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>\/scripts\/restartsrv_cpsrvd<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Temporary Mitigation (If Update Is Not Possible)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If immediate updating is not possible, you can reduce exposure by blocking access to cPanel services:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>2083 \u2192 cPanel  <br>2087 \u2192 WHM  <br>2095 \u2192 Webmail  <br>2096 \u2192 Webmail SSL  <\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Important Drawback:<\/h3>\n\n\n\n<p 
class=\"wp-block-paragraph\">Blocking these ports will also prevent legitimate users and administrators from accessing cPanel\/WHM until access is restored.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Detection of Potential Exploitation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">cPanel also provides a <strong>detection script<\/strong> to identify signs of compromise. It checks for the following red flags:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1. Fake Token + Failed Token Combination<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>token_denied=1  <br>cp_security_token=\/cpsessXXX  <br>origin=method=badpass<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">2. Pre-Authentication Session Claiming Login Success<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">3. 2FA Marked as Passed Without Valid Login<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">4. Password Field Containing Hidden Newlines<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Detection Script Reference: <a href=\"https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026?utm_source=chatgpt.com\">cPanel Security Advisory<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Additional Security Recommendations<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To further reduce risk and strengthen security posture:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable <strong>IP-based access restrictions<\/strong> for WHM\/cPanel<\/li>\n\n\n\n<li>Restrict access using <strong>VPN-only administration<\/strong><\/li>\n\n\n\n<li>Monitor logs for unusual or repeated login attempts<\/li>\n\n\n\n<li>Enforce <strong>strong password policies<\/strong><\/li>\n\n\n\n<li>Enable <strong>Multi-Factor Authentication (MFA)<\/strong> for all admin users<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This vulnerability highlights how session handling flaws can lead to serious authentication bypass issues in 
critical systems like cPanel &amp; WHM. While patches are available, securing access through layered controls such as IP restriction, MFA, and monitoring is essential to reduce exposure and prevent exploitation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview of the Vulnerability This vulnerability in cPanel &amp; WHM is an authentication bypass flaw that can allow an attacker to gain full administrative access without 
requiring a valid username&hellip;<\/p>\n","protected":false},"author":37,"featured_media":17107,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[316],"tags":[],"class_list":["post-17106","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO Pro 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"Learn about the cPanel &amp; WHM authentication bypass vulnerability, how it works, affected versions, fixes, and security best practices to protect servers\" \/>\n\t<meta name=\"robots\" content=\"max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n\t<meta name=\"author\" content=\"Ardra Shaji\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/www.supportpro.com\/blog\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO Pro (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Server Management Tips | SupportPRO Blog\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"cPanel &amp; WHM Auth Bypass Vulnerability Explained &amp; Fix\" \/>\n\t\t<meta property=\"og:description\" content=\"Learn about the cPanel &amp; WHM authentication bypass vulnerability, how it works, affected versions, fixes, and security best practices to protect servers\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.supportpro.com\/blog\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2026\/05\/SupportPro-May-2.png\" \/>\n\t\t<meta property=\"og:image:secure_url\" 
content=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2026\/05\/SupportPro-May-2.png\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-05-11T16:00:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-05-11T03:39:46+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:title\" content=\"cPanel &amp; WHM Auth Bypass Vulnerability Explained &amp; Fix\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Learn about the cPanel &amp; WHM authentication bypass vulnerability, how it works, affected versions, fixes, and security best practices to protect servers\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2026\/05\/SupportPro-May-2.png\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#article\",\"name\":\"cPanel & WHM Auth Bypass Vulnerability Explained & Fix\",\"headline\":\"Vulnerability of cPanel &amp; WHM \\\/ WP2 (Security: CVE-2026-41940)\",\"author\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/author\\\/ardra-sarmiasystems-com\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/SupportPro-May-2.png\",\"width\":1920,\"height\":1080,\"caption\":\"Vulnerability of cPanel & WHM \\\/ 
WP2\"},\"datePublished\":\"2026-05-11T10:00:00-06:00\",\"dateModified\":\"2026-05-10T21:39:46-06:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#webpage\"},\"articleSection\":\"Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.supportpro.com\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/category\\\/security\\\/#listItem\",\"name\":\"Security\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/category\\\/security\\\/#listItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/category\\\/security\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#listItem\",\"name\":\"Vulnerability of cPanel &amp; WHM \\\/ WP2 (Security: CVE-2026-41940)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#listItem\",\"position\":3,\"name\":\"Vulnerability of cPanel &amp; WHM \\\/ WP2 (Security: 
CVE-2026-41940)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/category\\\/security\\\/#listItem\",\"name\":\"Security\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/#organization\",\"name\":\"SupportPRO\",\"description\":\"SupportPRO Blog\",\"url\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/\",\"telephone\":\"+18476076123\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/author\\\/ardra-sarmiasystems-com\\\/#author\",\"url\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/author\\\/ardra-sarmiasystems-com\\\/\",\"name\":\"Ardra Shaji\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3c6f5f0dda36684877ca11eef7137eb0ec5becf0eb3ae562d6e93a0de923913?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"Ardra Shaji\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#webpage\",\"url\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/\",\"name\":\"cPanel & WHM Auth Bypass Vulnerability Explained & Fix\",\"description\":\"Learn about the cPanel & WHM authentication bypass vulnerability, how it works, affected versions, fixes, and security best practices to protect 
servers\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/author\\\/ardra-sarmiasystems-com\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/author\\\/ardra-sarmiasystems-com\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/SupportPro-May-2.png\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#mainImage\",\"width\":1920,\"height\":1080,\"caption\":\"Vulnerability of cPanel & WHM \\\/ WP2\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/vulnerability-of-cpanel-whm-wp2-security-cve-2026-41940\\\/#mainImage\"},\"datePublished\":\"2026-05-11T10:00:00-06:00\",\"dateModified\":\"2026-05-10T21:39:46-06:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/\",\"name\":\"Server Management Tips\",\"description\":\"SupportPRO Blog\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.supportpro.com\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO Pro -->\r\n\t\t<title>cPanel &amp; WHM Auth Bypass Vulnerability Explained &amp; Fix<\/title>\n\n"}