Hackers are actively exploiting a critical vulnerability in cPanel and WebHost Manager (WHM), two widely used web hosting control panels that manage millions of websites globally. The flaw, tracked as CVE-2026-41940, allows attackers to bypass authentication and gain full administrative access to affected systems.
The vulnerability carries a near-maximum severity rating of 9.8 and impacts all supported versions of cPanel released after version 11.40. Security researchers have confirmed that the flaw enables remote, unauthenticated attackers to access the control panel, effectively taking control of the server and the websites it manages.
Once exploited, attackers can modify server configurations, access databases, and compromise all websites hosted on the affected system—particularly dangerous in shared hosting environments where multiple sites rely on a single server.
The issue stems from improper handling of authentication and session data, allowing attackers to manipulate login processes and create privileged sessions without valid credentials. In practical terms, this means hackers can gain root-level access—the highest level of control on a server—without needing to log in.
Researchers indicate that the vulnerability may have been exploited as a zero-day for months before public disclosure, with signs of active attacks dating back to early 2026. This significantly increases the risk, as many systems could already be compromised before patches were applied.
Given cPanel’s massive footprint—powering tens of millions of domains—the flaw has raised serious concerns across the web hosting industry. Experts warn that unpatched systems could lead to widespread website defacement, data theft, and full server takeovers at scale.
In response, cPanel has released emergency patches, and major hosting providers have taken precautionary measures such as temporarily blocking access to control panels while deploying fixes. Security agencies have urged immediate updates, noting that exploitation is “highly probable” if systems remain unpatched.
The incident highlights the critical risk posed by vulnerabilities in widely used infrastructure software, where a single flaw can expose millions of websites and significantly disrupt the broader internet ecosystem.
, two widely used web hosting control panels that){kind=link}