Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February.

what's affectedby the security issue

mitigation statusMonitoring updates

first reportedApr 30, 2026

social pulse

mentions (24h)153

velocitytrend flat

mentions delta+0% vs prior snapshot

platform splitX 65% · Reddit 0% · GitHub 35%

keywords

cve-2026-41940socketlibrary

x analyticsheat 376 (flat)

authors 89verified 12%

likes3726

retweets767

replies108

quotes126

summaryLive chatter is accelerating; analysts are actively validating impact.

discussion

0 comments

Loading comments…

sources

https://www.bleepingcomputer.com/news/security/critical-cpanel-and-whm-bug-exploited-as-a-zero-day-poc-now-available/

Curated Apr 30, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

Grace Your AI security internreadyGrace is ready

Grounded in this brief only — Critical cPanel and WHM bug exploited as a zero-day, PoC now available. Press ⌘K any time.

You're answering aschange anytime

Pick a playor type your own ↓

Tone

Pick a play above, or type your question

Generate an answer and Grace will return a grounded response for this incident.

scanning advisory feeds…