
Active cPanel Bug Exploited by Hackers on Millions of Sites

Summary

– A critical vulnerability in cPanel and WebHost Manager (WHM) allows hackers to bypass the login screen and gain full control of servers.
– The bug, tracked as CVE-2026-41940, affects all supported versions of the software, which is used by tens of millions of website owners.
– Canada’s national cybersecurity agency warns exploitation is “highly probable” and urges immediate patching by customers or web hosts.
– Web hosting companies like Namecheap and HostGator have blocked access or applied patches to prevent exploitation.
– One hosting company, KnownHost, found evidence of exploitation attempts dating back to February 23, though no active compromises were confirmed.

Security experts are raising urgent warnings about a serious security flaw in cPanel and WebHost Manager (WHM), two of the most popular web server management platforms in the world. The vulnerability, if left unpatched, allows attackers to seize complete control over affected servers, a risk that impacts tens of millions of website owners globally.

The bug, officially tracked as CVE-2026-41940, lets malicious actors bypass the login screen remotely and gain unrestricted access to the software’s administrative panel. cPanel and WHM have deep-level access to the servers they manage, handling everything from website hosting and email management to critical databases and domain configurations, so a successful exploit could give hackers free rein over sensitive data and systems.

While many commercial web hosting providers have already deployed patches for their customers, the company behind cPanel is urging all users to verify their systems are updated. The flaw affects every supported version of the software, making immediate action essential.

Canada’s national cybersecurity agency issued an advisory warning that exploitation of this bug is “highly probable.” The agency stressed that website owners and their hosting providers must act quickly to prevent unauthorized access, especially on shared hosting servers where multiple sites could be compromised at once.

Major web hosting companies have responded swiftly. Namecheap, which relies on cPanel for customer server management, temporarily blocked access to its customers’ cPanel panels after learning of the flaw. This gave the company time to patch systems without risking exploitation. HostGator also confirmed it has patched its infrastructure, describing the bug as a “critical authentication-bypass exploit.”

Alarmingly, evidence suggests hackers may have been exploiting the vulnerability for months before it was discovered. KnownHost CEO Daniel Pearson revealed in a Reddit post that his company detected exploitation attempts dating back to February 23. KnownHost briefly blocked customer access to its systems while applying patches. According to Pearson, around 30 out of thousands of servers on the network showed signs of unauthorized access attempts, though no active compromises were confirmed.

In addition to the cPanel fix, the company behind cPanel also rolled out a security update for WP Squared, a similar tool designed for managing WordPress websites. For anyone using cPanel or WHM, the message is clear: patch immediately or risk losing control of your server.

(Source: TechCrunch)
