cPanel
Coverage of cPanel in the Nexus archive.
- cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 is exploiting a cPanel vulnerability to deploy a backdoor called Filemanager, leveraging CVE-2026-41940 to bypass authentication and gain elevated control. The vulnerability affects cPanel and WebHost Manager, allowing remote attackers to compromise environments. This active exploitation poses a significant security risk.
- CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers
CPanel experienced a series of vulnerabilities resulting in a ransomware attack on 44,000 servers, which have since been patched with three new security fixes. The attack highlights concerns over server security and the importance of regular updates. CPanel's response to the issue has been prompt, but the incident raises questions about potential future vulnerabilities.
- cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The vulnerabilities include CVE-2026-29201 with a CVSS score of 4.3. Users are advised to patch now to prevent potential attacks.
- Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
A critical vulnerability in cPanel has been disclosed, allowing for authentication-bypass and potentially threatening millions. Multiple proof-of-concept exploits have appeared, with claims of zero-day activity for at least a month. The flaw poses a significant security risk to users.
- Hackers are still exploiting the cPanel bug to gain control of thousands of websites
Hackers are exploiting a critical vulnerability in cPanel and WHM to gain control of thousands of websites, despite the bug being disclosed days ago. The vulnerability is still being targeted by hackers, who are hacking websites. This ongoing issue affects popular web hosting software.
- Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
A previously unknown threat actor is targeting government and military entities in Southeast Asia by exploiting a cPanel vulnerability, alongside managed service providers and hosting providers in several countries. The activity was detected on May 2, 2026, and involves exploiting a recently disclosed vulnerability. This affects networks in the Philippines, Laos, Canada, South Africa, and the U.S.
- Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
A critical cPanel vulnerability (CVE-2026-41940) is being widely exploited for 'Sorry' ransomware attacks, leading to website breaches and data encryption. The flaw allows attackers to breach systems and encrypt data, resulting in ransomware incidents.
- Federal agencies must patch cPanel bug by Sunday, CISA says
CISA has mandated federal agencies to patch the cPanel vulnerability CVE-2026-41940 by Sunday. Rapid7's incident responders warned that successful exploitation allows attackers full control over cPanel systems, configurations, databases, and managed websites.
- First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
A critical vulnerability in cPanel, a widely used hosting stack, is being actively exploited, with reports of ransomware demands emerging before patches were released. CISA has added the flaw to its list of known-exploited vulnerabilities, highlighting the risk to millions of websites.
- The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-41940
A critical authentication bypass vulnerability, CVE-2026-41940, has been discovered in CPanel/WHM, allowing attackers to bypass login screens and gain unauthorized access. The flaw, reported by Watchtowr Labs, has sparked widespread concern about server security.
- cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
cPanel's authentication bypass vulnerability (CVE-2026-41940) is being actively exploited, affecting all supported versions since 11.40 and WP Squared. CISA added it to its KEV list, while cPanel released a patch addressing the flaw, which allows attackers to inject malicious data during login to bypass authentication.
- Hackers are actively exploiting a bug in cPanel, used by millions of websites
Hackers are actively exploiting a critical vulnerability in cPanel, a web hosting platform used by millions of websites. Web hosts are urgently working to address the issue, with one company reporting that the bug has been abused by attackers for months.
- Critical cPanel and WHM bug exploited as a zero-day, PoC now available
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared is being actively exploited in the wild as a zero-day attack, with proof-of-concept (PoC) code now available. The flaw has been leveraged since late February, highlighting urgent security risks for users of these platforms.
- Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
A critical vulnerability in cPanel and WHM allows attackers to bypass authentication and gain root server access, with emergency patches now available. The flaw, likely exploited as a 0-day, affects millions of domains managed through the platform.
- cPanel, WHM emergency update fixes critical auth bypass bug
A critical vulnerability in cPanel and WHM allows unauthorized access to the control panel. An emergency update has been released to address this issue.
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
cPanel has released security updates to address a critical authentication vulnerability affecting all supported versions of its control panel software. The flaw could allow attackers to gain unauthorized access, and users are urged to update immediately to the specified patched versions.