Critical Authentication Bypass in cPanel Under Active Exploitation
A newly disclosed vulnerability in cPanel and WebHost Manager (WHM), tracked as CVE-2026-41940 (cve.org), is being actively exploited by hackers to take full control of web servers. The bug allows remote attackers to bypass the login screen and gain unrestricted access to the administrative panel, which manages websites, emails, databases, and core server configurations. Given that cPanel is used by tens of millions of websites globally, the threat surface is enormous. Security researchers warn that the exploit is trivial to execute and gives attackers deep server level access, making it a goldmine for data theft, malware deployment, and ransomware campaigns.
Web Hosts Scramble to Patch as Evidence of Prior Attacks Emerges
Major web hosting companies including Namecheap and HostGator have already blocked access to customer panels and deployed patches to prevent exploitation. However, KnownHost’s CEO revealed on Reddit that attackers may have been probing the vulnerability as early as February 23, nearly two months before public disclosure. While KnownHost found no signs of active compromise, the timeline suggests that sophisticated threat actors likely had a head start. Canada’s national cybersecurity agency has labeled exploitation “highly probable” and urged immediate patching. The pattern is all too familiar: a critical flaw in ubiquitous infrastructure, delayed response, and the predictable chorus of hosting companies racing to catch up. With hundreds of thousands of unpatched servers still exposed, this is a ticking time bomb for the web hosting ecosystem.
Source: Techcrunch
