CRITICAL: Authentication bypass vulnerability CVE-2026-41940 affects WebPros cPanel & WHM and WP2 (WordPress Squared) platforms, enabling unauthenticated remote exploitation of login mechanisms to achieve unauthorized administrative access. The vulnerability permits direct control panel compromise without credential requirements, representing elevated risk to hosted infrastructure and customer data across affected installations. Exploitation vector requires network access only, with no user interaction necessary. CISA has added this vulnerability to the Known Exploited Vulnerabilities catalog, indicating active threat activity.