Hackers Are Actively Exploiting a Bug In cPanel, Used By Millions of Websites

Source: Slashdot

Overview

Hackers are actively exploiting a critical cPanel and WHM vulnerability, tracked as CVE‑2026‑41940. The flaw allows remote attackers to bypass the login screen and gain full administrative access to affected web servers.

Affected Software

cPanel and WHM are software suites used for managing web servers, hosting websites, handling email, and configuring databases. Because they have deep access to the servers they manage, a successful exploit can give a malicious actor unrestricted access to the data and services controlled by the software.

Impact

Given the ubiquity of cPanel and WHM across the web‑hosting industry, the vulnerability could compromise a large number of websites that have not applied the patch. Major hosts such as Namecheap, HostGator, and KnownHost have already taken mitigation steps or deployed patches, but many other providers and individual customers remain at risk.

Mitigation and Recommendations

cPanel is urging all customers and web hosts to update immediately. The official security advisory provides the necessary update and instructions: cPanel Security Update for CVE‑2026‑41940.

Advisory from the Canadian Cybersecurity Agency

Canada’s national cybersecurity agency issued an advisory noting that the bug could be exploited to compromise websites on shared‑hosting servers, including those of large hosting companies. The agency stated that “exploitation is highly probable” and that immediate action by cPanel customers or their web hosts is necessary to prevent malicious access. Details can be found in the agency’s advisory: AL26‑008 – Vulnerability affecting cPanel/WHM (CVE‑2026‑41940).

One web‑hosting company reported evidence that hackers had been abusing the vulnerability for months before the attempts were discovered.