A severe authentication bypass vulnerability in cPanel, one of the most widely deployed web hosting control panel platforms on the internet, is being actively exploited in the wild, according to security researchers and hosting providers. The vulnerability, tracked as CVE-2026-41940 , affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as well as WP Squared , a WordPress hosting management panel built on the cPanel platform. Internet scans conducted