The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. [...]
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
Summary + source link. No paywalls, no tracking.