A severe security vulnerability (CVE-2026-41940) has been discovered in cPanel and its companion tool WHM, the world’s most widely used web hosting control panel. The flaw allows attackers to bypass authentication mechanisms and gain direct server control. Security researchers warn that hackers are already actively exploiting the vulnerability, with millions of websites worldwide potentially at risk.

Vulnerability Details

CVE-2026-41940 is an authentication bypass flaw located in cPanel/WHM’s authentication module. By crafting specially formatted HTTP requests, attackers can circumvent normal login procedures and access the cPanel control panel with administrator privileges. This enables them to upload malicious files, deface websites, steal user data, and potentially take complete control of the entire hosting server.

The vulnerability carries a CVSS score of 9.8 out of 10, classified as “Critical.” Given that cPanel is used by millions of shared hosting servers globally, the potential impact is extraordinarily broad.

Active Exploitation

Security firms have observed that within hours of the vulnerability details being disclosed, a massive wave of automated scanning and exploitation attempts appeared across the internet. Attackers are using the flaw to rapidly deploy webshells, cryptocurrency mining scripts, and ransomware. Several hosting providers have already reported customer server compromises.

Remediation

cPanel has released a security patch addressing the vulnerability. All cPanel/WHM server administrators are strongly urged to take the following actions immediately:

1. Update Immediately: Upgrade cPanel/WHM to the latest patched version
2. Audit Logs: Review access logs for any suspicious login attempts
3. Reset Credentials: Change all cPanel account passwords and administrator credentials
4. Enable 2FA: Activate two-factor authentication for all administrative accounts

Industry Impact

This incident highlights the security fragility of shared hosting infrastructure once again. Security experts note that as one of the most widely deployed hosting control panels globally, a cPanel vulnerability extends far beyond a single product — it potentially impacts a significant portion of the internet’s hosting infrastructure.

Source: The Hacker News | BleepingComputer | cPanel Blog

cPanel, one of the world’s most widely used web hosting control panels, has been hit by a critical authentication bypass vulnerability (CVE-2026-41940) that hackers are actively exploiting to compromise servers.

The vulnerability resides in the authentication module of cPanel and WHM (WebHost Manager), allowing attackers to bypass login verification and gain direct administrative access to affected servers. Security firm watchTowr Labs described the situation dramatically, stating “The Internet Is Falling Down,” underscoring the severity and scale of the threat.

According to TechCrunch, hackers are already exploiting the vulnerability at scale. Given that cPanel provides hosting management services for millions of websites globally, the number of potentially affected servers is enormous. eSecurity Planet warns that the vulnerability could allow attackers to fully take over affected servers, gaining access to all website data hosted on them.

Security experts are urging all cPanel users to update to the latest patched version immediately. For server administrators unable to update right away, recommendations include temporarily disabling external access to cPanel and restricting access sources through firewall rules.

The Register reported that the vulnerability may have been exploited as a zero-day for some time before being publicly disclosed. This gap means many servers could have been compromised before the vulnerability went public.

cPanel has issued a security advisory and pushed out a patch update. Security researchers are calling on all website administrators using cPanel/WHM to take immediate action to prevent unauthorized server access.

Sources: TechCrunch, The Hacker News, watchTowr Labs, The Register