
CVE-2026-41940: Critical cPanel Authentication Bypass Exposes Hosting Systems

ID: 4f6d385a-f83f-5c49-9a7e-6363b830d065

STIX ID: report--4f6d385a-f83f-5c49-9a7e-6363b830d065

Feed Name: The Cyber Express

Threat Score: 78/100

Date Published: 2026-04-30

Date Updated: 2026-04-30

Author: Ashish Khaitan


CVE-2026-41940 is an authentication-bypass vulnerability in cPanel & WHM (including DNSOnly installs) affecting all supported versions released after 11.40. cPanel published patches for multiple versions and WP Squared 136.1.7, and administrators are urged to run /scripts/upcp --force and restart cpsrvd.

Immediate mitigations include blocking TCP ports 2083/2087/2095/2096 or disabling cpsrvd/cpdavd. A provided detection script scans /var/cpanel/sessions for IOCs (e.g., token_denied with cp_security_token, tfa_verified without origin, multi-line password values). Confirmed compromises require session purges, password resets, log audits, and persistence hunts.

Namecheap and other providers applied temporary firewall rules and are rolling out patches. Systems on unsupported or manually pinned versions must be updated urgently to mitigate the risk.
