Attackers are leveraging a critical vulnerability in cPanel, designated as CVE-2026-41940, to install a backdoor known as Filemanager, thereby gaining unauthorized administrative access to compromised servers. This vulnerability, which has a CVSS score of 9.3, is being actively exploited by cybercriminals. cPanel, a widely used web hosting control panel, provides a graphical interface for managing websites and servers, making it an attractive target for attackers. The exploitation of this flaw allows attackers to deploy the Filemanager backdoor, granting them elevated access to sensitive systems. This vulnerability was first disclosed by cybersecurity experts at watchTowr, who also released a tool to aid in detection1. The exploitation of CVE-2026-41940 significantly expands the attack surface, making it essential for practitioners to prioritize mitigation based on their exposure and evidence of exploitation.
Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor
⚠️ Critical Alert
Why This Matters
CVE-2026-41940 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, May 12). Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor. *SecurityAffairs*. https://securityaffairs.com/192013/cyber-crime/attackers-exploit-cpanel-cve-2026-41940-to-deploy-filemanager-backdoor.html
Original Source
SecurityAffairs
Read original →