CVE-2026-41940: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
Disclaimer
This security advisory is shared with all Indusface customers for general awareness.
It does not constitute a confirmation of risk to your specific application, environment, or deployment architecture.
Threat conditions, exploitability, and impact may vary based on application design, exposure, and configuration. Customers are advised to continue monitoring Indusface Security Bulletins and blogs for the latest updates on detections, mitigations, and coverage.
About Vulnerability
CVE-2026-41940 is an authentication bypass vulnerability identified in WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared).
Summary
Vulnerability Type: Authentication Bypass
Attack Vector: Unauthenticated Remote
Impact: Unauthorized access to control panel
Affected Component: Login flow
Description
WebPros cPanel & WHM and WP2 contain an authentication bypass vulnerability in their login flows. An unauthenticated remote attacker can circumvent the standard authentication mechanism and gain unauthorized access to the control panel. The flaw lies in the logic that processes login attempts: in certain scenarios it fails to properly validate credentials or session tokens and therefore grants access without legitimate authentication.
Affected / Vulnerable Versions
The following versions are reported as vulnerable based on currently available vendor and community disclosures:
cPanel and WHM Versions after 11.40
Please refer to the official vendor advisory and the NVD entry for authoritative and continuously updated information:
https://nvd.nist.gov/vuln/detail/CVE-2026-41940
Exploitation Status
Public Disclosure: Yes
Known Proof-of-Concept (PoC): Yes
Observed In-The-Wild Attacks: Yes
EPSS Score: 0.2836 (0.97th percentile). This EPSS score indicates a high likelihood of exploitation within 30 days, placing this vulnerability in the top 1% of vulnerabilities predicted to be exploited in the wild.
Indusface Coverage Status
The vulnerable functionality is reachable from the internet.
WAF / WAAP Coverage
Indusface has validated protection against currently known exploit patterns associated with this vulnerability. Relevant detection and mitigation rules are enabled by default for customers operating in Block Mode. Additional hardening and rule enhancements were released on May 1st, 2026.
Note: WAF-based protection significantly reduces risk but cannot guarantee complete mitigation for all exploitation techniques, especially for zero-day or application-logic-specific attack paths.
Scanner Coverage
At present, the Indusface automated vulnerability scanner does not actively detect this specific vulnerability. Scanner detection support is under development and will be announced via the Indusface Security Bulletin once available.
Platform Impact
Indusface infrastructure and managed security services are not directly impacted by this vulnerability.
Indusface Recommendation
Indusface recommends the following actions to reduce risk:
Immediate Actions Related to AppTrana
- Ensure all internet-facing applications are protected by Indusface WAF in Block Mode
- Enable Origin Protection to prevent direct access to application servers
Vendor Suggested Actions & Best Practices
- Review your application stack to identify usage of affected frameworks or components
- Apply vendor-recommended mitigations or configuration workarounds, if available
- Patch or upgrade to fixed versions as advised by the vendor
- Follow secure deployment practices for server-side rendering and dynamic components
- Periodically review exposed application endpoints and attack surface
Additional Notes
Zero-day vulnerabilities may evolve rapidly as new exploit techniques emerge.
Indusface Signature Labs continues to monitor threat intelligence feeds, exploit activity, and vendor disclosures to enhance protections as required.
For further assistance or clarification, please contact Indusface Support at support@indusface.com or your Customer Success/Account Manager.