Key Points A new critical vulnerability, CVE-2026-41940, has been disclosed in cPanel & WHM, allowing unauthenticated attackers to gain root access on the underlying server and from there, trivial remote code execution (RCE). With over a million cPanel instances exposed to the internet, the affected population is enormous. What is CVE-2026-41940? CVE-2026-41940 is a pre-authentication flaw that le...