Alerta · Publicado 30/04/2026 · Actualizado 26/05/2026
CISA ha añadido una vulnerabilidad a su catálogo de debilidades conocidas bajo explotación activa (CVE-2026-41940). Esta inclusión indica que el riesgo es inmediato para infraestructuras en México y LATAM. Las organizaciones deben identificar sistemas afectados y aplicar mitigaciones urgentemente según las orientaciones del fabricante responsable.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-41940 WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate id
Alerta publicada por CISA / US-CERT. Consulta el advisory completo para detalles técnicos, indicadores de compromiso y mitigaciones específicas.