NOC Security Advisory: cPanel & WHM Vulnerability (CVE-2026-41940)

Severity: Critical

Status: Active - Immediate Action Required

Date: April 28, 2026

Overview

A critical security vulnerability (CVE-2026-41940) affects all cPanel & WHM versions, including DNSONLY.
This may impact authentication mechanisms and overall system security.

Impact

- All internet-facing cPanel & WHM servers are affected

- Potential compromise of authentication processes

- Increased infrastructure risk if unpatched

Required Actions

1. Immediately update all affected servers

2. Ensure latest supported versions are installed

3. Verify automatic updates are enabled

4. Include DNSONLY servers in patching scope

Important Notes

- Upgrade unsupported/outdated versions as priority

- Mitigation steps for non-upgradable systems are under review

- Automatic updates may be enforced on unpatched supported systems

Reference

cPanel Security Update Article

NOC Recommendation

Treat as Priority 1. Audit systems, confirm patching, and escalate blockers immediately.