Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Critical cPanel and WHM Bug Exploited as a Zero-Day, PoC Now Available

Researchers say the flaw lets attackers log in without a password, and Rapid7 estimates about 1.5 million cPanel instances are exposed online.

Summary by BleepingComputer
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February.

7 Articles

Tech RadarTech Radar
Center

'The Internet is falling down': Critical cPanel CRLF injection vulnerability puts tens of millions of websites at risk of total compromise – hosting providers urged to apply CVE-2026-41940 patch immediately

A new critical severity vulnerability can give attackers full control over WHM servers, allowing them to steal data, upload malware, and delete websites.

·United Kingdom
Read Full Article
BleepingComputerBleepingComputer
Center

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February.

Read Full Article
SempreUPdateSempreUPdate

Critical cPanel Failure: How to Fix CVE-2026-41940

The discovery of a vulnerability in the cPanel identified as CVE-2026-41940 ignited an urgent alert in the hosting and security community. The failure, classified as zero-day, is being actively explored since February and allows authentication bypasses, opening the way for unauthorized access to servers. Considering the wide adoption of cPanel and WHM in shared hosting environments and VPS, the potential impact is significant. System administrat…

Read Full Article
Help Net SecurityHelp Net Security

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

A critical vulnerability (CVE-2026-41940) in the cPanel control panel for managing web hosting accounts, is being exploited by attackers.

Read Full Article
securityweek.comsecurityweek.com

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek.

Read Full Article
unsafe.shunsafe.sh

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Malware Analysis, News and Indicators broke the news on Wednesday, April 29, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Cyberattacks icon

Cyberattacks

Technology icon

Technology

Internet icon

Internet

Gadgets icon

Gadgets

Big Tech and Platforms icon

Big Tech and Platforms

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal