CISA has added CVE-2026-41940, a missing authentication vulnerability affecting WebPros cPanel, WHM, and WP2, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The flaw allows malicious actors to access critical functions without authentication, posing a significant risk to affected enterprises.