


Perceptive Security
SOC/SIEM Consultancy

WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated …
Published: 30 April 2026 at 00:00:00
Alert date: 30 April 2026 at 18:02:46
Source: cisa.gov
Web Technologies, Identity & Access
WebPros cPanel & WHM and WP2 (WordPress Squared) contain a critical authentication bypass vulnerability in the login flow. The vulnerability allows unauthenticated remote attackers to gain unauthorized access to the control panel without proper authentication. This affects the WebHost Manager interface and WordPress Squared products. The vulnerability has been assigned CVE-2026-41940 and is considered high severity. Security updates were released on April 28, 2026 to address this issue. Organizations using these products should apply patches immediately to prevent unauthorized access.
Technical details
Affected products:
WebPros cPanel
WHM
WP2 WordPress Squared
Related links:
https://docs.cpanel.net/release-notes/release-notes/
https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
https://docs.wpsquared.com/changelogs/versions/changelog/#13617
https://nvd.nist.gov/vuln/detail/CVE-2026-41940
This article was created with the assistance of AI technology by Perceptive.
