Hackers are actively exploiting a bug in cPanel, used by millions of websites
Security researchers have identified a critical vulnerability in cPanel and WebHost Manager (WHM) that allows attackers to bypass authentication and gain full administrative access to affected servers. The flaw, tracked as CVE-2026-41940, impacts all supported versions of the software used by millions of websites globally. Although major hosting providers like Namecheap and Hostgator have applied patches, evidence suggests hackers may have been attempting to exploit the bug since February.
Opening excerpt (first ~120 words) tap to expand
Security researchers are sounding the alarm on a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM). The bug allows hackers to hijack and take full control of the servers running the affected software, which is thought to be used by tens of millions of website owners around the world. Many commercial web hosting companies have patched their customers’ systems already. But the cPanel maker urged customers to ensure that their systems are patched as the bug affects all supported versions of the software. cPanel and WHM are two software suites used for managing web servers that host websites, manage emails, and handle important configurations and databases needed to maintain an internet domain.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechCrunch.
Discussion
0 commentsMore from TechCrunch
