cPanel, one of the world’s most widely used web hosting control panels, has been hit by a critical authentication bypass vulnerability (CVE-2026-41940) that hackers are actively exploiting to compromise servers.

The vulnerability resides in the authentication module of cPanel and WHM (WebHost Manager), allowing attackers to bypass login verification and gain direct administrative access to affected servers. Security firm watchTowr Labs described the situation dramatically, stating “The Internet Is Falling Down,” underscoring the severity and scale of the threat.

According to TechCrunch, hackers are already exploiting the vulnerability at scale. Given that cPanel provides hosting management services for millions of websites globally, the number of potentially affected servers is enormous. eSecurity Planet warns that the vulnerability could allow attackers to fully take over affected servers, gaining access to all website data hosted on them.

Security experts are urging all cPanel users to update to the latest patched version immediately. For server administrators unable to update right away, recommendations include temporarily disabling external access to cPanel and restricting access sources through firewall rules.

The Register reported that the vulnerability may have been exploited as a zero-day for some time before being publicly disclosed. This gap means many servers could have been compromised before the vulnerability went public.

cPanel has issued a security advisory and pushed out a patch update. Security researchers are calling on all website administrators using cPanel/WHM to take immediate action to prevent unauthorized server access.

Sources: TechCrunch, The Hacker News, watchTowr Labs, The Register