A newly disclosed security issue, tracked as CVE-2026-41940, has raised significant concerns across the web hosting ecosystem, particularly for systems running cPanel and WebHost Manager (WHM). The flaw, described as an authentication bypass security vulnerability, affects multiple authentication pathways and could potentially allow unauthorized users to gain access to sensitive control panel environments. 

The vulnerability was formally acknowledged in a security advisory published on April 28, 2026, and later updated several times, with the most recent revision on April 29, 2026, at 02:46 PM CST. The advisory, titled “Security: CVE-2026-41940 - cPanel & WHM / WP2 Security Update 04/28/2...