Bleeping Computer

cPanel, WHM emergency update fixes critical auth bypass bug

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. The ...

Hackers are actively exploiting a bug in cPanel, used by millions of websites

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.
heise online

cPanel/WHM: Unauthorized access to web server configuration tool possible

Attackers can exploit a “critical” security vulnerability in the cPanel and WebHost Manager (WHM) web server administration software to gain unauthorized access. So far, there are no reports of ...
Hosted on MSN

New cPanel patch addresses CRLF injection flaw that could grant root server access

New critical severity vulnerability allows for authentication bypass The vulnerability affects cPanel and WebHost Manager Attackers can gain full root administrator privileges over any server ...
Bleeping Computer

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. It is ...
IT News For Australia Business

cPanel drops patches for exploited authentication bypass zero-day

Web hosting software vendor cPanel has issued patches for a critical vulnerability in its software that is under exploitation and that allows attackers to bypass authentication. The flaw, indexed as ...
heise online

cPanel/WHM: 4000 instances in Germany already attacked

The Sorry ransomware group is currently targeting cPanel and WebHost Manager (WHM) instances. According to security researchers, there have already been more than 44,000 successful attacks worldwide.