Skip to content
The Nexus
DossierENTITY

CVE-2026-41940

Coverage of CVE-2026-41940 in the Nexus archive.

Earliest in view: Apr 30 · 11:40 UTCMost recent: May 11 · 17:54 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 11 · 17:54 UTCTHE HACKER NEWS
    cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

    A threat actor named Mr_Rot13 is exploiting a cPanel vulnerability to deploy a backdoor called Filemanager, leveraging CVE-2026-41940 to bypass authentication and gain elevated control. The vulnerability affects cPanel and WebHost Manager, allowing remote attackers to compromise environments. This active exploitation poses a significant security risk.

  • SECURITYMay 2 · 21:54 UTCBLEEPING COMPUTER
    Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks

    A critical cPanel vulnerability (CVE-2026-41940) is being widely exploited for 'Sorry' ransomware attacks, leading to website breaches and data encryption. The flaw allows attackers to breach systems and encrypt data, resulting in ransomware incidents.

  • SECURITYMay 1 · 16:20 UTCRECORDED FUTURE NEWS
    Federal agencies must patch cPanel bug by Sunday, CISA says

    CISA has mandated federal agencies to patch the cPanel vulnerability CVE-2026-41940 by Sunday. Rapid7's incident responders warned that successful exploitation allows attackers full control over cPanel systems, configurations, databases, and managed websites.

  • SECURITYApr 30 · 22:48 UTCHACKER NEWS
    The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-41940

    A critical authentication bypass vulnerability, CVE-2026-41940, has been discovered in CPanel/WHM, allowing attackers to bypass login screens and gain unauthorized access. The flaw, reported by Watchtowr Labs, has sparked widespread concern about server security.

  • SECURITYApr 30 · 20:49 UTCCYBERSCOOP
    cPanel’s authentication bypass bug is being exploited in the wild, CISA warns

    cPanel's authentication bypass vulnerability (CVE-2026-41940) is being actively exploited, affecting all supported versions since 11.40 and WP Squared. CISA added it to its KEV list, while cPanel released a patch addressing the flaw, which allows attackers to inject malicious data during login to bypass authentication.

  • SECURITYApr 30 · 11:40 UTCBLEEPING COMPUTER
    Critical cPanel and WHM bug exploited as a zero-day, PoC now available

    A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared is being actively exploited in the wild as a zero-day attack, with proof-of-concept (PoC) code now available. The flaw has been leveraged since late February, highlighting urgent security risks for users of these platforms.

CVE-2026-41940 · Dossier · The Nexus