Critical cPanel/WHM Security Vulnerability Notification

Dear Valued Users,

On April 28, 2026, cPanel officially announced a critical security vulnerability (CVE-2026-41940) affecting all existing cPanel/WHM installations worldwide. Due to the severity of this issue, we would like to inform you accordingly.

Nature of the Vulnerability

This vulnerability is an authentication bypass in the cPanel/WHM login flow. Independent security researchers have classified it under CWE-306 (Missing Authentication for Critical Function). Its CVSS rating is Critical, scoring between 9.3 and 9.8 depending on whether CVSS v3.1 or v4.0 is used.

How Did It Occur?

The vulnerability stems from inconsistencies between logical layers added to the cPanel authentication flow over time. A specially crafted HTTP request can allow an attacker to obtain a valid session token without providing legitimate credentials. In other words, the system may generate a valid session for an unauthenticated client, treating it as an authorized administrative session. Such logic flaws typically arise when auxiliary authentication flows (such as Basic Auth or fallback mechanisms) interact improperly with modern authorization layers.

How Can It Be Exploited?

- An attacker only needs network access to the target server (TCP ports 2082/2083/2086/2087).
- No valid username, password, API key, or user interaction is required.
- The exploit manipulates the session generation mechanism within the login flow to directly create an authorized admin session.
- With this session, full access to the cPanel/WHM interface can be obtained, effectively escalating to remote code execution (RCE).
- Proof-of-concept (PoC) exploit code has already been publicly disclosed by independent researchers, meaning active exploitation is highly likely.

Our Current Status

All cPanel hosting services provided by WISECP are running on the patched version 11.134.0.20, and our systems are not affected by this vulnerability.

Required Actions

If you are operating your own cPanel/WHM servers, please ensure that you upgrade immediately to one of the following patched versions:

- 11.110.0.97
- 11.118.0.63
- 11.126.0.54
- 11.132.0.29
- 11.134.0.20
- 11.136.0.5
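As an added example (not part of this advisory and not cPanel's own tooling), the following POSIX shell script checks whether a server's cPanel/WHM version is at or above the patched build for its release branch, using the version list above; reading the version from /usr/local/cpanel/version is an assumption.

```shell
#!/bin/sh
# Added example: compare a cPanel/WHM version against the patched build
# for its release branch. Patched versions are taken from the advisory.

# One patched version per release branch (11.110, 11.118, ...).
PATCHED_VERSIONS="11.110.0.97
11.118.0.63
11.126.0.54
11.132.0.29
11.134.0.20
11.136.0.5"

# version_ge A B: exit 0 if A >= B, comparing each dotted field numerically.
version_ge() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# cpanel_patch_status VERSION: prints "patched", "vulnerable", or
# "unknown-branch" (a branch not listed in the advisory, e.g. a newer one).
cpanel_patch_status() {
    ver="$1"
    branch=$(printf '%s' "$ver" | cut -d. -f1-2)
    for p in $PATCHED_VERSIONS; do
        if [ "$(printf '%s' "$p" | cut -d. -f1-2)" = "$branch" ]; then
            if version_ge "$ver" "$p"; then echo patched; else echo vulnerable; fi
            return 0
        fi
    done
    echo unknown-branch
}

# Stand-alone use on a server; the version file location is an assumption.
if [ -r /usr/local/cpanel/version ]; then
    cpanel_patch_status "$(cat /usr/local/cpanel/version)"
fi
```

A result of "unknown-branch" means the branch is not in the advisory's list and must be checked against the official references rather than treated as safe.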

Recommended Additional Measures

- Verify that automatic updates are enabled under WHM → Update Preferences
- Until the update is completed, restrict access to cPanel/WHM management ports (2083, 2087) to trusted IP addresses only
- After updating, review server logs for unusual admin sessions, unexpected API activity, or newly created accounts

Official References

- cPanel Security Advisory (April 28, 2026):
https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026

- NVD Entry:
https://nvd.nist.gov/vuln/detail/CVE-2026-41940

We wanted to emphasize the importance of this matter. If you need any assistance, please do not hesitate to contact us.

Best regards,
WISESOFT Team

Phone: 0850 346 4062