Hackers are actively exploiting a bug in cPanel, used by millions of websites

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.
Bleeping Computer

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. It is ...

Hackers are still exploiting the cPanel bug to gain control of thousands of websites

Days after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers keep targeting and hacking websites.
NewsBytes

cPanel CVE-2026-41940 likely compromised about 2,000 servers CISA warned agencies

Hackers continue targeting thousands of websites using vulnerable cPanel software, exploiting a critical flaw that allows ...

New cPanel patch addresses CRLF injection flaw that could grant root server access

The vulnerability has been given a severity score of 9,8, and administrators should patch immediately.
Bleeping Computer

cPanel 2FA bypassed in minutes via brute-force attacks

A security flaw in the cPanel web hosting control panel allows attackers to circumvent two-factor authentication (2FA) checks via brute-force attacks for domains managed using vulnerable cPanel & ...