Hackers are actively exploiting a bug in cPanel, used by millions of websites

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.
Hosted on MSN

cPanel flaw exploited for months puts millions of servers at risk

A critical authentication bypass vulnerability in cPanel & WHM, tracked as CVE-2026-41940, has been actively exploited as a zero-day since at least February 2026. The flaw allows unauthenticated ...
Hosted on MSN

New cPanel patch addresses CRLF injection flaw that could grant root server access

New critical severity vulnerability allows for authentication bypass The vulnerability affects cPanel and WebHost Manager Attackers can gain full root administrator privileges over any server ...
TechCrunch

Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites

Nearly a week after the makers of the popular web server management software cPanel and WebHost Manager (WHM) alerted users of a critical flaw in its software, hackers are now mass-compromising ...
Bleeping Computer

cPanel, WHM emergency update fixes critical auth bypass bug

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. The ...
heise online

cPanel/WHM: Unauthorized access to web server configuration tool possible

Attackers can exploit a “critical” security vulnerability in the cPanel and WebHost Manager (WHM) web server administration software to gain unauthorized access. So far, there are no reports of ...
heise online

Security Patch: Security vulnerabilities in cPanel and WHM closed again

The web server and management software cPanel and WebHost Manager (WHM) are once again vulnerable. In the worst case, malicious code can get onto systems and compromise them. Admins should install the ...