Large-scale exploitation of a recently patched zero-day vulnerability, CVE-2026-41940, has compromised over 40,000 servers, granting attackers administrative access [1]. The attacks target servers running cPanel, a popular web hosting control panel. The recently disclosed vulnerability allows attackers to gain elevated privileges, potentially leading to further malicious activity. The scale of the compromise suggests that attackers are actively scanning for vulnerable servers and exploiting the flaw before patches can be applied. Exploitation of CVE-2026-41940 expands the active attack surface, making it essential for organizations to prioritize patching based on their exposure and evidence of exploitation. For security practitioners, this widespread compromise highlights the need for prompt patch management and vulnerability assessment to prevent similar attacks.
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
⚡ High Priority
Why This Matters
CVE-2026-41940 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityWeek. (2026, May 4). Over 40,000 Servers Compromised in Ongoing cPanel Exploitation. SecurityWeek. https://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/