SecurityWeek

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical-severity authentication bypass vulnerability in cPanel & WHM has been exploited as a zero-day since February 2026.

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in ...

Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day

Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication ...
The Hacker News

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Panel patches authentication flaw across supported versions, prompting Namecheap port blocks and temporary access limits.
Hosted on MSN

cPanel flaw exploited for months puts millions of servers at risk

A critical authentication bypass vulnerability in cPanel & WHM, tracked as CVE-2026-41940, has been actively exploited as a zero-day since at least February 2026. The flaw allows unauthenticated ...

cPanel, WHM emergency update fixes critical auth bypass bug

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be ...
Martin Cid Magazine

A new cPanel bug let attackers walk into 70 million websites without a password

A critical authentication bypass in cPanel and WHM let attackers walk through the front door of any internet-facing control ...

cPanel/WHM: Unauthorized access to web server configuration tool possible

Attackers can exploit a “ critical ” security vulnerability in the cPanel and WebHost Manager (WHM) web server administration ...