[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-41940":6},{"stargazers_count":4,"fetched_at":5},5,"2026-05-01T12:24:33.086Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":51,"downstream":52,"duplicates":53,"related":54,"reserved_at":9,"published_at":55,"modified_at":56,"state":57,"summary":58,"references_raw":68,"kevs":104,"epss":115,"epss_history":117,"metrics":119,"affected":131},"CVE-2026-41940","cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-306","Missing Authentication for Critical Function","The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","weakness","Draft","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-12","Choosing Message Identifier",[],{"id":25,"name":26,"techniques":27},"CAPEC-166","Force the System to Reset Values",[],{"id":29,"name":30,"techniques":31},"CAPEC-216","Communication Channel Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-36","Using Unpublished Interfaces or Functionality",[],{"id":37,"name":38,"techniques":39},"CAPEC-62","Cross Site Request Forgery",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_WATCHTOWRLABS_WATCHTOWR-VS-CPANEL-WHM-AUTHBYPASS-TO-RCE.PY","Watchtowr Vs Cpanel Whm Authbypass To 
Rce.Py","github","https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py","poc",0.3,false,[],[],[],[],[],[],"2026-04-29T15:10:37.899Z","2026-05-01T03:55:47.986Z","Analyzed",{"cisa_kev":59,"cisa_ransomware":48,"cisa_vendor":60,"epss_severity":61,"epss_score":62,"severity":63,"severity_score":64,"severity_version":65,"severity_source":66,"severity_vector":67,"severity_status":57},true,"WebPros","medium",0.1652,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[69,76,81,85,90,94,98],{"url":70,"sources":71,"tags":73},"https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026",[66,72],"nvd",[74,75],"Vendor Advisory","Patch",{"url":77,"sources":78,"tags":79},"https://docs.cpanel.net/release-notes/release-notes",[66,72],[80],"Release Notes",{"url":82,"sources":83,"tags":84},"https://docs.wpsquared.com/changelogs/versions/changelog/#13617",[66,72],[80],{"url":86,"sources":87,"tags":88},"https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026",[66,72],[89],"Third Party Advisory",{"url":91,"sources":92,"tags":93},"https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow",[66,72],[89],{"url":45,"sources":95,"tags":96},[66,72],[97,89],"Exploit",{"url":99,"sources":100,"tags":101},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940",[66,72],[102,103],"Government Resource","US Government Resource",[105],{"source":106,"vendor":60,"product":107,"date_added":108,"vulnerability_name":109,"short_description":110,"required_action":111,"due_date":112,"known_ransomware_campaign_use":113,"notes":114,"exploitation_type":9},"cisa","cPanel & WHM and WP2 (WordPress Squared)","2026-04-30","WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability","WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication 
bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-05-03","Unknown","https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026 ; https://docs.cpanel.net/release-notes/release-notes/ ; https://docs.wpsquared.com/changelogs/versions/changelog/#13617 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41940",{"date":108,"score":62,"percentile":116},0.94925,[118],{"date":108,"score":62,"percentile":116},[120,127],{"source":66,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":121,"cvss_v4_0":124},{"baseScore":64,"baseSeverity":122,"vectorString":67,"impactScore":64,"exploitabilityScore":123},"CRITICAL",10,{"baseScore":125,"baseSeverity":122,"vectorString":126,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",{"source":72,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":128,"cvss_v4_0":129},{"baseScore":64,"baseSeverity":122,"vectorString":67,"impactScore":64,"exploitabilityScore":123},{"baseScore":125,"baseSeverity":122,"vectorString":130,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[132,164,172,222,241,248,277],{"ecosystem":9,"name":133,"vendor":134,"product":135,"cpe_part":136,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":137},"cPanel & WHM","cpanel, l.l.c.","cpanel & whm","a",[138,144,148,152,156,160],{"version":139,"is_range":59,"range_type":66,"version_start":140,"version_start_type":141,"version_end":142,"version_end_type":143,"fixed_in":9},">= 11.110.0, \u003C 
11.110.0.97","11.110.0","including","11.110.0.97","excluding",{"version":145,"is_range":59,"range_type":66,"version_start":146,"version_start_type":141,"version_end":147,"version_end_type":143,"fixed_in":9},">= 11.118.0, \u003C 11.118.0.63","11.118.0","11.118.0.63",{"version":149,"is_range":59,"range_type":66,"version_start":150,"version_start_type":141,"version_end":151,"version_end_type":143,"fixed_in":9},">= 11.126.0, \u003C 11.126.0.54","11.126.0","11.126.0.54",{"version":153,"is_range":59,"range_type":66,"version_start":154,"version_start_type":141,"version_end":155,"version_end_type":143,"fixed_in":9},">= 11.132.0, \u003C 11.132.0.29","11.132.0","11.132.0.29",{"version":157,"is_range":59,"range_type":66,"version_start":158,"version_start_type":141,"version_end":159,"version_end_type":143,"fixed_in":9},">= 11.134.0, \u003C 11.134.0.20","11.134.0","11.134.0.20",{"version":161,"is_range":59,"range_type":66,"version_start":162,"version_start_type":141,"version_end":163,"version_end_type":143,"fixed_in":9},">= 11.136.0, \u003C 11.136.0.5","11.136.0","11.136.0.5",{"ecosystem":9,"name":165,"vendor":134,"product":166,"cpe_part":136,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":167},"WP Squared","wp squared",[168],{"version":169,"is_range":59,"range_type":66,"version_start":170,"version_start_type":141,"version_end":171,"version_end_type":143,"fixed_in":9},">= 11.136.1, \u003C 
11.136.1.7","11.136.1","11.136.1.7",{"ecosystem":9,"name":173,"vendor":173,"product":173,"cpe_part":136,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":174},"cpanel",[175,176,177,178,179,180,181,185,189,194,198,202,206,210,214,218],{"version":139,"is_range":59,"range_type":66,"version_start":140,"version_start_type":141,"version_end":142,"version_end_type":143,"fixed_in":9},{"version":145,"is_range":59,"range_type":66,"version_start":146,"version_start_type":141,"version_end":147,"version_end_type":143,"fixed_in":9},{"version":149,"is_range":59,"range_type":66,"version_start":150,"version_start_type":141,"version_end":151,"version_end_type":143,"fixed_in":9},{"version":153,"is_range":59,"range_type":66,"version_start":154,"version_start_type":141,"version_end":155,"version_end_type":143,"fixed_in":9},{"version":157,"is_range":59,"range_type":66,"version_start":158,"version_start_type":141,"version_end":159,"version_end_type":143,"fixed_in":9},{"version":161,"is_range":59,"range_type":66,"version_start":162,"version_start_type":141,"version_end":163,"version_end_type":143,"fixed_in":9},{"version":182,"is_range":59,"range_type":66,"version_start":183,"version_start_type":141,"version_end":184,"version_end_type":143,"fixed_in":9},">= 11.86.0, \u003C 11.86.0.41","11.86.0","11.86.0.41",{"version":186,"is_range":59,"range_type":66,"version_start":187,"version_start_type":141,"version_end":188,"version_end_type":143,"fixed_in":9},">= 11.130.0, \u003C 
11.130.0.18","11.130.0","11.130.0.18",{"version":190,"is_range":59,"range_type":191,"version_start":192,"version_start_type":141,"version_end":193,"version_end_type":143,"fixed_in":9},"gte11.40_lt86.0.41","cpe","11.40","86.0.41",{"version":195,"is_range":59,"range_type":191,"version_start":196,"version_start_type":141,"version_end":197,"version_end_type":143,"fixed_in":9},"gte88.0.0_lt110.0.97","88.0.0","110.0.97",{"version":199,"is_range":59,"range_type":191,"version_start":200,"version_start_type":141,"version_end":201,"version_end_type":143,"fixed_in":9},"gte112.0.0_lt118.0.63","112.0.0","118.0.63",{"version":203,"is_range":59,"range_type":191,"version_start":204,"version_start_type":141,"version_end":205,"version_end_type":143,"fixed_in":9},"gte120.0.0_lt126.0.54","120.0.0","126.0.54",{"version":207,"is_range":59,"range_type":191,"version_start":208,"version_start_type":141,"version_end":209,"version_end_type":143,"fixed_in":9},"gte128.0.0_lt130.0.19","128.0.0","130.0.19",{"version":211,"is_range":59,"range_type":191,"version_start":212,"version_start_type":141,"version_end":213,"version_end_type":143,"fixed_in":9},"gte132.0.0_lt132.0.29","132.0.0","132.0.29",{"version":215,"is_range":59,"range_type":191,"version_start":216,"version_start_type":141,"version_end":217,"version_end_type":143,"fixed_in":9},"gte134.0.0_lt134.0.20","134.0.0","134.0.20",{"version":219,"is_range":59,"range_type":191,"version_start":220,"version_start_type":141,"version_end":221,"version_end_type":143,"fixed_in":9},"gte136.0.0_lt136.0.5","136.0.0","136.0.5",{"ecosystem":9,"name":223,"vendor":173,"product":223,"cpe_part":136,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":224},"whm",[225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240],{"version":139,"is_range":59,"range_type":66,"version_start":140,"version_start_type":141,"version_end":142,"version_end_type":143,"fixed_in":9},{"version":145,"is_range":59,"range_type":66,"version_start":146,"version_start
_type":141,"version_end":147,"version_end_type":143,"fixed_in":9},{"version":149,"is_range":59,"range_type":66,"version_start":150,"version_start_type":141,"version_end":151,"version_end_type":143,"fixed_in":9},{"version":153,"is_range":59,"range_type":66,"version_start":154,"version_start_type":141,"version_end":155,"version_end_type":143,"fixed_in":9},{"version":157,"is_range":59,"range_type":66,"version_start":158,"version_start_type":141,"version_end":159,"version_end_type":143,"fixed_in":9},{"version":161,"is_range":59,"range_type":66,"version_start":162,"version_start_type":141,"version_end":163,"version_end_type":143,"fixed_in":9},{"version":182,"is_range":59,"range_type":66,"version_start":183,"version_start_type":141,"version_end":184,"version_end_type":143,"fixed_in":9},{"version":186,"is_range":59,"range_type":66,"version_start":187,"version_start_type":141,"version_end":188,"version_end_type":143,"fixed_in":9},{"version":190,"is_range":59,"range_type":191,"version_start":192,"version_start_type":141,"version_end":193,"version_end_type":143,"fixed_in":9},{"version":195,"is_range":59,"range_type":191,"version_start":196,"version_start_type":141,"version_end":197,"version_end_type":143,"fixed_in":9},{"version":199,"is_range":59,"range_type":191,"version_start":200,"version_start_type":141,"version_end":201,"version_end_type":143,"fixed_in":9},{"version":203,"is_range":59,"range_type":191,"version_start":204,"version_start_type":141,"version_end":205,"version_end_type":143,"fixed_in":9},{"version":207,"is_range":59,"range_type":191,"version_start":208,"version_start_type":141,"version_end":209,"version_end_type":143,"fixed_in":9},{"version":211,"is_range":59,"range_type":191,"version_start":212,"version_start_type":141,"version_end":213,"version_end_type":143,"fixed_in":9},{"version":215,"is_range":59,"range_type":191,"version_start":216,"version_start_type":141,"version_end":217,"version_end_type":143,"fixed_in":9},{"version":219,"is_range":59,"range_type":
191,"version_start":220,"version_start_type":141,"version_end":221,"version_end_type":143,"fixed_in":9},{"ecosystem":9,"name":166,"vendor":173,"product":242,"cpe_part":136,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":243},"wp_squared",[244,245],{"version":169,"is_range":59,"range_type":66,"version_start":170,"version_start_type":141,"version_end":171,"version_end_type":143,"fixed_in":9},{"version":246,"is_range":59,"range_type":191,"version_start":9,"version_start_type":9,"version_end":247,"version_end_type":143,"fixed_in":9},"lt136.1.7","136.1.7",{"ecosystem":9,"name":249,"vendor":250,"product":173,"cpe_part":136,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":251},"cPanel","webpros",[252,255,258,261,264,268,271,274],{"version":253,"is_range":59,"range_type":66,"version_start":254,"version_start_type":141,"version_end":184,"version_end_type":143,"fixed_in":9},">= 11.40.0.0, \u003C 11.86.0.41","11.40.0.0",{"version":256,"is_range":59,"range_type":66,"version_start":257,"version_start_type":141,"version_end":142,"version_end_type":143,"fixed_in":9},">= 11.88.0.0, \u003C 11.110.0.97","11.88.0.0",{"version":259,"is_range":59,"range_type":66,"version_start":260,"version_start_type":141,"version_end":147,"version_end_type":143,"fixed_in":9},">= 11.112.0.0, \u003C 11.118.0.63","11.112.0.0",{"version":262,"is_range":59,"range_type":66,"version_start":263,"version_start_type":141,"version_end":151,"version_end_type":143,"fixed_in":9},">= 11.120.0.0, \u003C 11.126.0.54","11.120.0.0",{"version":265,"is_range":59,"range_type":66,"version_start":266,"version_start_type":141,"version_end":267,"version_end_type":143,"fixed_in":9},">= 11.128.0.0, \u003C 11.130.0.19","11.128.0.0","11.130.0.19",{"version":269,"is_range":59,"range_type":66,"version_start":270,"version_start_type":141,"version_end":155,"version_end_type":143,"fixed_in":9},">= 11.132.0.0, \u003C 
11.132.0.29","11.132.0.0",{"version":272,"is_range":59,"range_type":66,"version_start":273,"version_start_type":141,"version_end":159,"version_end_type":143,"fixed_in":9},">= 11.134.0.0, \u003C 11.134.0.20","11.134.0.0",{"version":275,"is_range":59,"range_type":66,"version_start":276,"version_start_type":141,"version_end":163,"version_end_type":143,"fixed_in":9},">= 11.136.0.0, \u003C 11.136.0.5","11.136.0.0",{"ecosystem":9,"name":278,"vendor":250,"product":223,"cpe_part":136,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":279},"WHM",[280,281,282,283,284,285,286,287],{"version":253,"is_range":59,"range_type":66,"version_start":254,"version_start_type":141,"version_end":184,"version_end_type":143,"fixed_in":9},{"version":256,"is_range":59,"range_type":66,"version_start":257,"version_start_type":141,"version_end":142,"version_end_type":143,"fixed_in":9},{"version":259,"is_range":59,"range_type":66,"version_start":260,"version_start_type":141,"version_end":147,"version_end_type":143,"fixed_in":9},{"version":262,"is_range":59,"range_type":66,"version_start":263,"version_start_type":141,"version_end":151,"version_end_type":143,"fixed_in":9},{"version":265,"is_range":59,"range_type":66,"version_start":266,"version_start_type":141,"version_end":267,"version_end_type":143,"fixed_in":9},{"version":269,"is_range":59,"range_type":66,"version_start":270,"version_start_type":141,"version_end":155,"version_end_type":143,"fixed_in":9},{"version":272,"is_range":59,"range_type":66,"version_start":273,"version_start_type":141,"version_end":159,"version_end_type":143,"fixed_in":9},{"version":275,"is_range":59,"range_type":66,"version_start":276,"version_start_type":141,"version_end":163,"version_end_type":143,"fixed_in":9}]