Cpanel: >> Whm >> 58.0.20 Security Vulnerabilities
CVE-2026-41940
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Known exploited
CVSS Score
9.3
EPSS Score
0.165
Published
2026-04-29
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-07-19