English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2026-41940

Critical
Low Medium High Critical
9.8
CVSS Score
Published: Apr 29, 2026
Last Modified: Apr 29, 2026
CWE: CWE-306

Vulnerability Description

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H

References & Resources

Severity Details

9.8
out of 10.0
Critical

Weakness Type (CWE)

CWE-306 Top 25 #16

Missing Authentication for Critical Function

Description
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Exploit Likelihood
High
Typical Severity
High
OWASP Top 10
A07:2021-Identification/Auth Failures
Abstraction Level
Base
View CWE Details on MITRE

Key Information

Published Date
April 29, 2026

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record