(malwarebytes.com) Critical Authentication Bypass Vulnerability in cPanel/WHM Actively Exploited by Threat Actors

orlysec@swecyb.com

(malwarebytes.com) Critical Authentication Bypass Vulnerability in cPanel/WHM Actively Exploited by Threat Actors

Critical authentication bypass in cPanel/WHM (CVE-2026-41940) is under active exploitation. Attackers gain admin access without credentials, impacting millions of sites. CISA has listed it in the KEV catalog.

In brief - A zero-day flaw in cPanel/WHM (CVE-2026-41940) allows unauthenticated admin access, with active exploitation confirmed. Hosting providers are urged to patch immediately and restrict interface access.

Technically - CVE-2026-41940 affects cPanel/WHM v11.40+ (including DNSOnly/WP Squared), enabling privilege escalation via authentication bypass. Exploitation observed since February 2026; patches released April 28. Mitigations include patching, MFA enforcement, and access restrictions. Over 1M sites at risk.

Source: https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover

#Cybersecurity #ThreatIntel