
Hackers are continuing to actively exploit a critical vulnerability in cPanel, one of the most widely used web hosting control panel systems, allowing them to take control of thousands of websites globally. Security researchers have confirmed ongoing attacks targeting unpatched servers running cPanel and Web Host Manager (WHM).
The flaw, tracked as CVE-2026-41940, is an authentication bypass vulnerability that enables attackers to gain unauthorized access without needing login credentials. By exploiting this weakness, cybercriminals can remotely access the administration panel and take full control of affected servers and the websites hosted on them.
Given the widespread use of cPanel across the web hosting ecosystem, the impact is significant. Millions of websites rely on the platform, and unpatched systems remain highly vulnerable to takeover, data theft, malware deployment, or complete service disruption.
Researchers indicate that attackers have been leveraging the vulnerability for weeks, with exploitation continuing even after patches were released. The bug’s simplicity and effectiveness make it particularly dangerous, as it allows full administrative access through relatively straightforward attack methods.
Cybersecurity agencies and experts are urging organizations and hosting providers to apply security updates immediately and monitor systems for signs of compromise. Additional mitigation measures, such as restricting access to cPanel interfaces and reviewing server logs, are also being recommended to reduce exposure.
The ongoing exploitation highlights a broader challenge in cybersecurity: even after critical vulnerabilities are disclosed and patched, delays in applying updates can leave large portions of the internet exposed, allowing attackers to expand their operations rapidly and compromise infrastructure at scale.




