UPDATE: CVE-2026-41940 authentication bypass in WebPros cPanel/WHM—previous assessment remains valid. Subsequent analysis confirms the vulnerability permits unauthenticated access to administrative functions through malformed session tokens; exploitation requires no user interaction. Remediation timeline unchanged: patch deployment mandatory within 72 hours for production environments handling sensitive host operations.