cPanel Authentication Bypass Vulnerability Discovered
A high-severity security vulnerability, identified as CVE-2026-41059, has been discovered in OAuth2 Proxy versions 7.5.0 through 7.15.1. The flaw allows for a configuration-dependent authentication bypass, potentially granting unauthorized access to protected resources. This discovery is critical for organizations relying on this reverse proxy for secure authentication.
Topics
Developing
- 862d Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.
- 862d Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
- 862d Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est.
- 862d Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium.
Sources · 7 independent
Mastodon
“CVE-2026-41059 - High (8.2) OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass.”
Mastodon
“The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs”
Unlock the full story
Get a Pro subscription or above to see the live story progression and the full list of independent sources confirming each event as they happen.
Log in to upgrade