Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

[KEV] CVE-2026-41940 -- CVSS 0.0 Vulnerability Briefing

[KEV] CVE-2026-41940 | CVSS 0.0 (Low) | Exploit: Operational

What Is It

CVE-2026-41940 is an authentication bypass vulnerability in the login flow of WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared), allowing unauthenticated remote attackers to gain unauthorized access to the control panel interface.

Technical Detail

The flaw exists within the authentication logic of the login flow in cPanel & WHM and WP2, where an unauthenticated remote attacker can bypass credential verification and obtain unauthorized access to the control panel. The precise mechanism of the bypass has not been publicly detailed, but the nature of the vulnerability suggests a flaw in session handling, token validation, or authentication state management during the login sequence. Successful exploitation grants an attacker control panel access without valid credentials, which in the context of cPanel & WHM could expose hosted web environments, server configurations, DNS records, email accounts, and administrative functions across all hosted accounts on the affected system.

Exploitation Status

CISA has confirmed active exploitation in the wild, with this vulnerability added to the Known Exploited Vulnerabilities catalog on April 30, 2026. The exploit maturity is rated Operational, meaning functional exploit code capable of reliable exploitation exists and is being used in real-world attacks. This is not limited to proof-of-concept demonstrations; attackers are actively leveraging this vulnerability against production systems.

Who Is Targeting This

No specific threat actor attribution has been confirmed at this time. Given the nature of the affected products, which are widely deployed across shared hosting environments and managed WordPress platforms, opportunistic attackers and financially motivated actors targeting web hosting infrastructure are the most probable threat profile. No named groups or campaigns have been formally attributed to exploitation of this CVE as of the date of this briefing.

What To Do

Organizations running WebPros cPanel & WHM or WP2 should treat this as a critical priority patch regardless of the CVSS score of 0.0, which likely reflects incomplete scoring data rather than low actual risk. Per CISA's Known Exploited Vulnerabilities catalog addition dated April 30, 2026, federal agencies subject to BOD 22-01 are required to apply vendor-supplied patches or mitigations immediately. All organizations should apply available updates from WebPros without delay, restrict control panel access to trusted IP ranges at the network perimeter as an interim control, audit authentication logs for anomalous login activity or unauthorized session creation, and verify that no unauthorized administrative accounts have been created on affected systems. Contact WebPros directly for the latest patched release versions if vendor advisories have not yet been received.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →