Security vulnerability in cPanel & WHM - CVE-2026-41940
-
Thursday, 30th April, 2026
-
17:20pm
We would like to inform you of a recently identified security vulnerability (CVE-2026-41940) in the cPanel & WHM systems, as well as in potentially related hosting environments (including WHMCS integrations).
This vulnerability affects all versions of cPanel & WHM, which is why immediate action is required to continue ensuring the security of your systems and customer data.
During a security analysis, a critical vulnerability was identified that could impact authentication mechanisms and overall system security. The vendor has already released relevant updates containing additional security enhancements and optimisations.
We strongly recommend that you review and, where necessary, implement the following measures:
- Immediately update to a patched version of cPanel & WHM
- Ensure that all systems accessible via the internet are updated
- Also check connected systems such as WHMCS for compatibility and security status
- Please note that DNSONLY servers are also affected by this update
The currently patched versions, as well as detailed information on measures and ongoing updates, can be found here:
https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
The security of your infrastructure and the protection of our customers are our top priority.
Should you have any further questions regarding this security advisory, please do not hesitate to contact us.
