Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

cPanel and WHM Authentication Bypass Vulnerability in Login Flow

Vulnerability

An authentication bypass vulnerability has been identified in cPanel and WHM. This issue affects versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5. The vulnerability allows unauthenticated remote attackers to gain unauthorized access to the control panel by exploiting the login flow.

Impact

Exploitation of this vulnerability allows unauthorized access to the cPanel or WHM control panel, as well as to Webmail, Webdisk, and SSL connections.

Remediation

Users can update to the patched versions of cPanel & WHM by running the command '/scripts/upcp --force'. After the update, cPanel users can verify their version with the command '/usr/local/cpanel/cpanel -V'.
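The version check from the remediation step can be scripted against the fixed builds listed above. This is an added example, not code from this advisory or from cPanel. The function names are hypothetical, and it assumes the version arrives either as 11.MAJOR.MINOR.BUILD or as "MAJOR.MINOR (build N)". It reports branches the advisory does not name as "unlisted" rather than guessing.

```shell
#!/bin/sh
# Added example: not from the advisory and not cPanel's own tooling.
# Fixed builds exactly as listed in the advisory, one per release branch.
FIXED_BUILDS="11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.134.0.20 11.136.0.5"

# Print the version as 11.MAJOR.MINOR.BUILD, or nothing if unrecognised.
# Assumption: input is either that dotted form or "MAJOR.MINOR (build N)".
normalize_version() {
  printf '%s\n' "$1" | sed -n -E \
    -e 's/^(11\.[0-9]+\.[0-9]+\.[0-9]+)$/\1/p' \
    -e 's/^([0-9]+)\.([0-9]+) \(build ([0-9]+)\)$/11.\1.\2.\3/p'
}

# Print one of: patched, vulnerable, unlisted, unparsed.
check_cpanel_version() {
  ver=$(normalize_version "$1")
  if [ -z "$ver" ]; then echo "unparsed"; return 0; fi
  branch=${ver%.*}   # release branch, e.g. 11.118.0
  build=${ver##*.}   # build number within that branch
  for fixed in $FIXED_BUILDS; do
    if [ "${fixed%.*}" = "$branch" ]; then
      # Same branch: compare against that branch's fixed build.
      if [ "$build" -ge "${fixed##*.}" ]; then echo "patched"; else echo "vulnerable"; fi
      return 0
    fi
  done
  # Branch not named in the advisory. Anything older than the lowest
  # listed branch is prior to every fixed build; the rest needs review.
  major=$(printf '%s\n' "$ver" | cut -d. -f2)
  if [ "$major" -lt 110 ]; then echo "vulnerable"; else echo "unlisted"; fi
}

# Constructed sample inputs (not taken from real hosts).
for sample in "11.118.0.62" "11.118.0.63" "136.0 (build 5)" "11.120.0.10"; do
  printf '%-18s %s\n' "$sample" "$(check_cpanel_version "$sample")"
done

# On a cPanel host, check the installed version (command from the advisory).
if [ -x /usr/local/cpanel/cpanel ]; then
  check_cpanel_version "$(/usr/local/cpanel/cpanel -V)"
fi
```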

Added: Apr 29, 2026, 4:27 PM
Updated: Apr 30, 2026, 5:11 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 9.1
remediation: 0.0
relevance: 7.0
threat: 9.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.