CVE-2026-41940 represents a critical authentication bypass in WebPros cPanel/WHM and WP2 platforms, enabling unauthenticated remote actors to gain direct control panel access without credential verification. The vulnerability was identified in the login flow mechanism and has been catalogued by CISA in their Known Exploited Vulnerabilities database. Given the widespread deployment of cPanel in shared hosting environments, exploitation vectors are considered high-probability with minimal skill barriers.