Bleeping Computer

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. It is ...

Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites

Days after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers keep targeting ...

Hackers are actively exploiting a bug in cPanel, used by millions of websites

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.
Computing

Critical cPanel flaw exposes millions of servers to takeover risk

A critical security vulnerability affecting widely used web hosting software cPanel has prompted urgent calls for administrators to update their systems, amid reports of active ...
Hosted on MSN

cPanel flaw exploited for months puts millions of servers at risk

A critical authentication bypass vulnerability in cPanel & WHM, tracked as CVE-2026-41940, has been actively exploited as a zero-day since at least February 2026. The flaw allows unauthenticated ...
TechBooky

Hackers Are Exploiting Critical cPanel Bug, Putting Millions of Websites at Risk

Web hosting providers are racing to secure their infrastructure after security researchers disclosed a serious vulnerability in cPanel and WebHost ...
Bleeping Computer

cPanel, WHM emergency update fixes critical auth bypass bug

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. The ...