Cloudflare has released an emergency Web Application Firewall (WAF) rule to protect against an authentication bypass vulnerability in cPanel, identified as CVE-2026-41940. The rule is intended to protect Cloudflare's customers by blocking attempts to exploit the vulnerability. Authentication bypass vulnerabilities are critical because they allow attackers to gain unauthorized access without valid credentials. By releasing a dedicated rule quickly, Cloudflare helps mitigate potential attacks targeting this issue and better protects websites that use cPanel. Users of Cloudflare's WAF are advised to update their rules promptly to benefit from this protection.
Original tweet: https://twitter.com/Cloudforce_One/status/2049758503406076111