Is CVE-2026-41940 in the CISA Known Exploited Vulnerabilities catalog?

Yes — CVE-2026-41940 is listed in CISA KEV, remediation due 2026-05-03.

Which frameworks does CVE-2026-41940 affect?

CVE-2026-41940 affects WordPress.

CISA Known Exploited Vulnerability

CVE-2026-41940

WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized ac

⚠ Actively exploited (CISA KEV) WordPress 2026

CISA catalog entry

Product

cPanel & WHM and WP2 (WordPress Squared)

Vendor

WebPros

Added to KEV

2026-04-30

Remediation due

2026-05-03

CVE-2026-41940 is tracked in the CISA Known Exploited Vulnerabilities catalog. WebPulse monitors it as part of its framework security intelligence.

View CVE-2026-41940 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-8206 CVE-2026-8181 CVE-2026-3844 CVE-2026-10795 CVE-2026-4020 CVE-2026-1293 CVE-2026-8732 CVE-2026-4798