A critical authentication bypass vulnerability, CVE-2026-41940, affects cPanel and WebHost Manager (WHM).
This flaw has a CVSS base score of 9.8 and is currently under active exploitation.
The Cybersecurity and Infrastructure Security Agency (CISA) added this CVE to its Known Exploited Vulnerabilities (KEV) catalog, showing its immediate threat level.
Organizations using cPanel and WHM instances are at risk; hosting providers reported successful attacks before a public patch was available. Administrators and security teams need to address this urgently.
You will be pleased to know Helpwise hosting accounts are fully protected from this exploit.
