{"uuid": "4a77ab60-22dd-424e-9c24-a063b1a9e64b", "vulnerability": {"vulnId": "CVE-2026-41940", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "4a77ab60-22dd-424e-9c24-a063b1a9e64b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-08T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-08T00:00:00Z", "recorded_at": "2026-05-21T09:00:44Z", "first_seen_at": "2026-05-08T00:00:00Z"}, "scope": {"notes": "Affected: WebPros / cPanel | Description: cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | Exploitation type: ransomware | CWEs: CWE-306 | Origin source: CERT-PL | Notes: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "CWE-306", "euvd": "EUVD-2026-26246", "notes": "https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "cPanel", "dateReported": "2026/05/08", "originSource": "CERT-PL", "vendorProject": "WebPros", "exploitationType": "ransomware", "vulnerabilityName": "", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2026-41940", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41940"}, {"id": "EUVD-2026-26246", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26246"}, {"id": "source", "url": "https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026"}]}