A critical authentication bypass vulnerability affects multiple active branches of cPanel and WHM (versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5), allowing unauthenticated attackers to gain full administrative access to web hosting control panels without valid credentials. Active exploitation has been reported, making this an immediate patching emergency for any organization running cPanel or WHM infrastructure. As of the audit date, cPanel has not requested a CVE identifier despite active exploitation, indicating emergency patch prioritization over formal CVE workflow. The business risk is severe: successful exploitation grants attackers complete control over hosted websites, email systems, databases, and customer data across shared, VPS, and dedicated hosting environments.