A critical cPanel vulnerability (CVE-2026-41940, CVSS 9.8) that enables full server compromise is now on CISA's known-exploited list as attackers actively weaponize it against millions of hosted sites. Hosting providers report that exploitation began before patches shipped, and ransomware attacks have already been documented. The flaw affects all supported cPanel versions after 11.40 and the WP Squared WordPress platform.
First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
cPanel's critical CVSS-9.8 full-server-compromise flaw (CVE-2026-41940) is now actively weaponized in ransomware attacks against millions of hosted sites, with exploitation confirmed on CISA's known-exploited list.
Friday, May 1, 2026 12:00 PM UTC | 2 min read | Source: The Register | By sys://pipeline