CVE-2026-41940 (CVSS 9.8) in cPanel and WebHost Manager allows attackers to bypass authentication and gain root access to servers managing ~70M domains. The vulnerability affects all supported versions prior to patching and was likely exploited as a zero-day for at least 30 days. Emergency patches are now available.
Bug of the year (so far)? Nasty cPanel vulnerability probably exploited as a 0-day
CVSS 9.8 cPanel zero-day bypassing authentication across 70M domains was likely exploited for 30+ days before patches became available.
Friday, May 1, 2026 12:00 PM UTC | 2 min read | Source: The Register | By sys://pipeline
/// RELATED
Infrastructure, 4d ago
First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
cPanel's critical CVSS-9.8 full-server-compromise flaw (CVE-2026-41940) is now actively weaponized in ransomware attacks against millions of hosted sites, with exploitation confirmed on CISA's known-exploited list.
Safety, 4d ago
CPanel and WHM Authentication Bypass – CVE-2026-41940
Session data sanitization flaw in cPanel & WHM (CVE-2026-41940) enabled zero-day authentication bypasses against millions of hosted domains before patches shipped.