A critical authentication bypass flaw in cPanel and WHM allows unauthenticated remote attackers to gain full administrative access to the control panel.

The login mechanism contains a logic flaw that permits unauthenticated access, effectively bypassing the security requirements for accessing the control panel.

With a CVSS score of 9.8, this vulnerability represents an existential risk to any server running the affected software. Unauthorized access to cPanel/WHM grants an attacker full control over the hosted websites, databases, and mail services, leading to catastrophic data loss and service disruption.

Immediate Action: Update cPanel and WHM to the latest secure version released by the vendor.

Proactive Monitoring: Inspect server logs for unusual login attempts or successful administrative sessions from unauthorized IP addresses.

Compensating Controls: Restrict access to the cPanel/WHM management ports (typically 2083/2087) using firewall rules to allow only known, trusted administrative IP addresses.

Public Exploit Available: Unknown

Due to the critical severity and the ease of exploitation, immediate patching is required. Organizations must verify the integrity of their control panel access logs to ensure the vulnerability has not already been leveraged by malicious actors.