A bug in popular cPanel, WHM, and WP Squared software has reportedly been exploited since Feb.; CISA it gives a 9.8 CVSS score, tells agencies to patch by May 3 (Jonathan Greig/The Record)
A critical vulnerability in widely used cPanel, WHM, and WP Squared software has been actively exploited since February 2026. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has assigned the bug a 9.8 CVSS score, indicating severe risk, and mandates federal agencies to patch it by May 3. Organizations are urged to address the flaw promptly due to its high exploit potential and widespread use in web hosting environments.
- ▪A security flaw in cPanel, WHM, and WP Squared software has been exploited since February 2026.
- ▪CISA assigned the vulnerability a 9.8 CVSS score, classifying it as critical.
- ▪CISA has directed federal agencies to patch the vulnerability by May 3, 2026.
- ▪The affected software is widely used for managing web hosting services and websites.
Opening excerpt (first ~120 words) tap to expand
About This Page This is a Techmeme archive page. It shows how the site appeared at 1:55 PM ET, May 1, 2026. The most current version of the site as always is available at our home page. To view an earlier snapshot click here and then modify the date indicated. From Mediagazer Jeremy Barr / The Guardian: Speaking at an event, Sharyn Alfonsi voiced concern about “the spread of corporate meddling and editorial fear” at CBS News and uncertainty over her job Sara Guaglione / Digiday: USA Today's Q1 “other” digital revenue, including AI partnerships, grew 125.6% YoY to $33.75M; visitors fell 7.7% to 180M; digital ad revenue fell 3% to $80.9M Winston Cho / The Hollywood Reporter: A group of TV consumers sue in federal court in California to block Paramount's acquisition of WBD on antitrust…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Techmeme.
Discussion
0 commentsMore from Techmeme
