A critical vulnerability in cPanel and WebHost Manager (WHM) is being actively exploited. It allows attackers to bypass authentication and gain administrative access to the interface without credentials. The bug, tracked as CVE-2026-41940, potentially lets threat actors take over servers and all hosted sites. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog, indicating evidence of active exploitation. As a result, millions of websites are exposed to takeover, and the issue needs immediate attention. CISA's emphasis on the exploitation status of CVE-2026-41940 [1] highlights the urgency of patching or monitoring this vulnerability. This matters to practitioners because exploitation can lead to widespread compromise of web servers and hosted sites, making prompt mitigation essential to prevent catastrophic consequences.
Actively exploited cPanel bug exposes millions of websites to takeover
⚠️ Critical Alert
Why This Matters
CVE-2026-41940 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- Malwarebytes Labs. (2026, May 1). Actively exploited cPanel bug exposes millions of websites to takeover. *Malwarebytes*. https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover
Original Source
Malwarebytes Labs