Critical cPanel Vulnerability Under Active Exploitation by Hackers

A critical security vulnerability, designated **CVE-2026-41940**, has been discovered in **cPanel** and **WHM**, widely used web server management software. This bug allows attackers to bypass login screens and gain full administrative control of affected servers. **Security researchers** and **web hosting companies** are scrambling to patch systems, with some reporting evidence of exploitation occurring for months prior to public disclosure. Canada's national cybersecurity agency has deemed exploitation 'highly probable,' urging immediate action to prevent widespread compromise of websites hosted on these platforms.

• A critical authentication bypass vulnerability (CVE-2026-41940) is actively being exploited in cPanel/WHM.
• Millions of websites are at risk due to the widespread adoption of cPanel.
• Hackers may have been abusing the flaw for months before its public disclosure.
• Web hosts are rushing to patch affected systems, with some taking immediate blocking measures.
• Immediate action is required from all cPanel users and their hosting providers to secure servers.

The vulnerability **CVE-2026-41940** presents a significant risk due to the extensive deployment of **cPanel** and **WHM** across the web. While many providers have initiated patching, the timeline of exploitation, with evidence suggesting abuse for months before discovery, raises questions about existing monitoring and incident response protocols. The full extent of compromised systems remains unclear, pending further investigation and widespread patching efforts.

The rapid response from major web hosts like **Namecheap** and **HostGator**, who have already patched systems and blocked access, demonstrates the industry's capability to swiftly address critical threats. This incident, while serious, highlights the resilience of the web hosting ecosystem and the effectiveness of coordinated security efforts in mitigating widespread damage. The swift patching and communication will ultimately strengthen the security posture of the millions of websites relying on **cPanel**.

The fact that hackers may have been exploiting this critical authentication bypass for months, as reported by **KnownHost**, is deeply concerning. This suggests a significant blind spot in security monitoring for many hosting providers, potentially leaving countless websites vulnerable to data breaches and further malicious activity. The sheer scale of **cPanel**'s user base means that even a small percentage of unpatched servers could translate into millions of compromised digital assets.

Originally reported by TechCrunch