{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/wp2-wordpress-squared/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-41940"}],"_cs_exploited":false,"_cs_products":["cPanel \u0026 WHM","WP2 (WordPress Squared)"],"_cs_severities":["critical"],"_cs_tags":["cpanel","whm","wp2","wordpress","authentication-bypass","cve-2026-41940","initial-access"],"_cs_type":"advisory","_cs_vendors":["WebPros"],"content_html":"\u003cp\u003eWebPros cPanel \u0026amp; WHM (WebHost Manager) and WP2 (WordPress Squared) are affected by an authentication bypass vulnerability, identified as CVE-2026-41940. This flaw exists within the login flow, potentially granting unauthenticated remote attackers unauthorized access to the control panel. Successful exploitation allows attackers to bypass normal authentication mechanisms and directly access sensitive administrative functions within cPanel \u0026amp; WHM and WP2. Defenders should apply vendor-provided mitigations or discontinue use of the product if mitigations are not available. The vulnerability was disclosed in April 2026, and mitigations should be applied by May 3, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable cPanel \u0026amp; WHM or WP2 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request exploiting the authentication bypass vulnerability in the login flow.\u003c/li\u003e\n\u003cli\u003eThe request is sent to the target server, bypassing authentication checks.\u003c/li\u003e\n\u003cli\u003eThe server incorrectly processes the request, granting the attacker an authenticated session.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the authenticated session to access administrative interfaces and settings.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies server configurations, potentially creating new administrative accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker installs malicious plugins or software through the control panel.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves full control over the web server and hosted websites.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41940 can lead to complete compromise of the affected cPanel \u0026amp; WHM or WP2 server. This can result in data breaches, website defacement, malware distribution, and denial-of-service attacks. The impact is significant due to the widespread use of cPanel \u0026amp; WHM in web hosting environments. Compromised servers could be leveraged for further attacks against other systems and networks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply mitigations provided by WebPros as detailed in their security update advisory to address CVE-2026-41940.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect cPanel/WHM Authentication Bypass Attempt\u0026rdquo; to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eIf mitigations cannot be immediately applied, follow BOD 22-01 guidance for cloud services, potentially isolating the affected system until patched.\u003c/li\u003e\n\u003cli\u003eConsider discontinuing use of the affected product if patches or mitigations are unavailable, as advised in the original CISA KEV entry.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-cpanel-auth-bypass/","summary":"CVE-2026-41940 is an authentication bypass vulnerability in WebPros cPanel \u0026 WHM and WP2 (WordPress Squared) that allows unauthenticated remote attackers to gain unauthorized access to the control panel.","title":"WebPros cPanel \u0026 WHM and WP2 Authentication Bypass Vulnerability (CVE-2026-41940)","url":"https://feed.craftedsignal.io/briefs/2024-01-cpanel-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — WP2 (WordPress Squared)","version":"https://jsonfeed.org/version/1.1"}