Main Vulnerability Database Exploits ID:12708 - Exploit for Improper authentication in cPanel - CVE-2026-41940

ID:12708 - Exploit for Improper authentication in cPanel - CVE-2026-41940

Published: May 15, 2026

Vulnerability identifier: #VU128557

Vulnerability risk: Critical

CVE-ID: CVE-2026-41940

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
cPanel

Link to public exploit:

https://github.com/tc4dy/CVE-2026-41940-POC-Exploit

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the authentication process. A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to the application.

Successful exploitation of the vulnerability may result in full system compromise.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

ID:12708 - Exploit for Improper authentication in cPanel - CVE-2026-41940

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human