CVE-2026-41940 is a critical authentication bypass in cPanel and WHM under active mass exploitation by threat actor Mr_Rot13 using more than 2,000 attacker IPs. Exploitation requires no credentials and delivers ransomware, cryptominers, botnet implants, and a cross-platform backdoor. Organizations with internet-facing cPanel or WHM instances should treat this as an active incident response scenario.