Categories

Backup/Restore
4
Cloudflare (cPanel)
9
CloudLinux (cPanel)
10
Cpanel
1
cPanel - Control Panel
24
Databases
11
DirectAdmin
48
DNS - Nameservers
6
Domain Management
10
Email
17
FTP
9
Installing a Control Panel
6
Mail Filters & SPAM
8
Mobile
11
Others
3
PayPal
7
Plesk
47
Security
14
SiteWorx (Control Panel)
61
Softaculous
76
SolusVM
19
SSL
5
Virtualizor
19
WHM
18
WordPress
17

  Categories

  Tag Cloud

AlmaLinux Security Authentication Bypass Copy Fail cPanel Security cPanel Security Update cPanel Vulnerability Critical Security Update CVE-2026-31431 CVE-2026-41940 CVE-2026-EXIM-RCE Debian Security Dirty Frag Email Server Vulnerability Exim RCE Exim Vulnerability Linux Kernel Vulnerability Linux Mail Server Linux Server Security Mail Server Security Privilege Escalation Remote Code Execution Remote Root Exploit RHEL Security Root Access Exploit Shared Hosting Security Ubuntu Security Web Hosting Security Webuzo Security WHM Security WHM Vulnerability

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

cPanel/WHM Authentication Bypass Fix Print

  • cPanel Vulnerability, WHM Security, CVE-2026-41940, cPanel Security Update, Web Hosting Security, Remote Root Exploit, Critical Security Update, WHM Vulnerability, Linux Server Security, Authentication Bypass
  • 0

CVE ID: CVE-2026-41940

Severity: Critical (Remote Root)

Overview:

A flaw in the cPanel/WHM authentication flow allows remote attackers to bypass login screens and gain root access to the WHM interface. If you run a web hosting server with cPanel, this update is mandatory.

How to Fix:

You must force a cPanel update to the latest patched version immediately. Run this command as root:

Bash

/scripts/upcp --force

Verification:

After the update, ensure your version is current by running:

Bash

/usr/local/cpanel/cpanel -V

Was this answer helpful?

Related Articles

How to ban any IP Address via .htaccess? If someone is trying to hack your website or you want to block their IP Address, you can add this... How to disable directory browsing using .htaccess? For security purposes, we recommend that you disable directory browsing on your website so no one... How to protect your .htaccess file? For security purposes, we recommend you to prevent access to your .htaccess file from... How to restrict directory access by IP address? To secure your admin area from hackers, we recommend that you allow access only from a selected... How to blacklist an IP Address to deny it access to your website? You can lock directory with a password by using the cPanel Password Protected Directories...
« Back

  Tag Cloud

AlmaLinux Security Authentication Bypass Copy Fail cPanel Security cPanel Security Update cPanel Vulnerability Critical Security Update CVE-2026-31431 CVE-2026-41940 CVE-2026-EXIM-RCE Debian Security Dirty Frag Email Server Vulnerability Exim RCE Exim Vulnerability Linux Kernel Vulnerability Linux Mail Server Linux Server Security Mail Server Security Privilege Escalation Remote Code Execution Remote Root Exploit RHEL Security Root Access Exploit Shared Hosting Security Ubuntu Security Web Hosting Security Webuzo Security WHM Security WHM Vulnerability

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket