<![CDATA[(malwarebytes.com) Critical Authentication Bypass Vulnerability in cPanel/WHM Actively Exploited by Threat Actors]]>

<![CDATA[(malwarebytes.com) Critical Authentication Bypass Vulnerability in cPanel/WHM Actively Exploited by Threat Actors]]>(malwarebytes.com) Critical Authentication Bypass Vulnerability in cPanel/WHM Actively Exploited by Threat Actors

Critical authentication bypass in cPanel/WHM (CVE-2026-41940) is under active exploitation. Attackers gain admin access without credentials, impacting millions of sites. CISA has listed it in the KEV catalog.

In brief - A zero-day flaw in cPanel/WHM (CVE-2026-41940) allows unauthenticated admin access, with active exploitation confirmed. Hosting providers are urged to patch immediately and restrict interface access.

Technically - CVE-2026-41940 affects cPanel/WHM v11.40+ (including DNSOnly/WP Squared), enabling privilege escalation via authentication bypass. Exploitation observed since February 2026; patches released April 28. Mitigations include patching, MFA enforcement, and access restrictions. Over 1M sites at risk.

Source: https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover

#Cybersecurity #ThreatIntel

]]>https://board.circlewithadot.net/topic/01c16cb0-024c-430f-a25b-0ce49597f8f2/malwarebytes.com-critical-authentication-bypass-vulnerability-in-cpanel-whm-actively-exploited-by-threat-actorsRSS for NodeFri, 15 May 2026 03:30:31 GMTFri, 01 May 2026 11:03:48 GMT60