{
  "title": "cPanel & WHM CVE-2026-41940: KEV Authentication Bypass in Hosting Control Planes",
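  "summary": "CISA added CVE-2026-41940, which affects WebPros cPanel & WHM and WP2, to the KEV catalog on 2026-04-30 and lists ransomware use as known. WebPros released fixes across many cPanel branches and in WP2 136.1.7, provided session-file IOC checks, and urged updating immediately or reducing service exposure. The domains and URLs listed under indicators are advisory sources, not attacker infrastructure.",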
  "date": "2026-06-01",
  "severity": "critical",
  "tags": [
    "cpanel",
    "cisa-kev",
    "zero-day",
    "hosting",
    "ransomware"
  ],
  "sources_count": 4,
  "indicators": {
    "slug": "cpanel-whm-cve-2026-41940-kev",
    "since": "2026-06-01T00:00:00Z",
    "until": "2026-06-01T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-41940"
    ],
    "cwes": [
      "CWE-306"
    ],
    "advisoryIds": [],
    "products": [
      "cPanel & WHM",
      "cPanel DNSOnly",
      "WP2 (WordPress Squared)"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "www.cisa.gov",
      "support.cpanel.net",
      "nvd.nist.gov",
      "docs.wpsquared.com"
    ],
    "urls": [
      "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
      "https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026",
      "https://nvd.nist.gov/vuln/detail/CVE-2026-41940",
      "https://docs.wpsquared.com/changelogs/versions/changelog/#13617"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}