
cPanel patches authentication flaw across supported versions, prompting Namecheap port blocks and temporary access limits.
cPanel has released security updates to address a critical issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software.
The problem affects all currently supported versions of cPanel and WebHost Manager (WHM), according to an alert published by WebPros. "If your server is not running a supported version of cPanel that is eligible for this update, it is highly recommended that you work toward updating your server as soon as possible, as it may also be affected," cPanel noted.
CVE-2026-41940 (CVSS 9.8)
The authentication bypass vulnerability allows unauthenticated remote attackers to gain unauthorized access to the control panel. It has been actively exploited as a zero-day in the wild.
Immediate Mitigation Actions
While cPanel did not share any initial details, major hosting providers including Namecheap disclosed that it relates to an authentication login exploit. As a precautionary measure, companies applied firewall rules to block access to TCP ports 2083 and 2087.
cPanel has urged customers to perform the following actions immediately:
- Update the server immediately via the cPanel update script (/scripts/upcp --force)
- Verify and confirm the cPanel build version being returned and perform a restart
- Block inbound traffic on ports 2083, 2087, 2095, and 2096 at the firewall as a temporary mitigation
Technical Details: CRLF Injection
In its own advisory for the vulnerability, Rapid7 said CVE-2026-41940 is caused by a Carriage Return Line Feed (CRLF) injection in the login and session loading processes of cPanel and WHM, allowing an attacker to gain unauthorized administrative access.
Attackers can inject raw carriage return and line feed characters via a crafted Basic Authorization header, and the system subsequently writes the session file without sanitizing the data. As a result, the attacker can insert arbitrary properties, such as user=root, into their session file to establish administrator-level access.
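The defensive counterpart to the flaw described above, as an added illustration that is not cPanel's or Rapid7's code: a check that flags Basic Authorization headers whose decoded credential carries CR, LF or NUL bytes, and a session-file writer that refuses to emit any property containing those bytes. The key=value-per-line session format and the sample headers are assumptions constructed for the example.

```python
import base64
import binascii
import re

# Bytes that must never appear inside a decoded credential: CR, LF and NUL.
# CR/LF is exactly what a CRLF-injection into a line-oriented file relies on.
CONTROL_CHARS = re.compile(r"[\r\n\x00]")


def decode_basic_auth(header_value):
    """Decode an HTTP Basic Authorization value to 'user:password'.

    Returns None when the header is not a well-formed Basic credential.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def is_suspicious_basic_auth(header_value):
    """True when the decoded credential contains CR, LF or NUL."""
    decoded = decode_basic_auth(header_value)
    return decoded is not None and CONTROL_CHARS.search(decoded) is not None


def serialize_session(props):
    """Hardened writer for an assumed key=value-per-line session file.

    Rejects any key or value with a line terminator so attacker-controlled
    input cannot smuggle an extra property line into the file.
    """
    lines = []
    for key, value in props.items():
        if CONTROL_CHARS.search(key) or CONTROL_CHARS.search(str(value)):
            raise ValueError(f"control character in session property {key!r}")
        lines.append(f"{key}={value}")
    return "\n".join(lines) + "\n"


# Constructed sample headers (not real traffic): a normal login and one whose
# decoded credential embeds a CRLF followed by the injected property.
SAMPLE_HEADERS = [
    "Basic " + base64.b64encode(b"alice:correct-horse").decode(),
    "Basic " + base64.b64encode(b"alice\r\nuser=root:x").decode(),
]


def flag_headers(headers):
    """Return the indexes of headers that should raise an alert."""
    return [i for i, h in enumerate(headers) if is_suspicious_basic_auth(h)]
```

Run the same check over the Authorization header in access or reverse-proxy logs to spot attempts before the patched build is confirmed.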