"CVE-2026-41940 provides unauthenticated attackers with administrative access to cPanel, allowing them to take over the host system and compromise all configurations, databases, and websites the platform manages."
"The Shadowserver Foundation was seeing tens of thousands of potentially compromised systems, with 44K unique IP numbers based on a spike of devices seen scanning/running exploits/brute force attacks."
"Most of the affected systems are in the US, with France and the Netherlands rounding up the top three, highlighting the widespread impact of this vulnerability."
A critical authentication-bypass vulnerability in cPanel & WebHost Manager, CVE-2026-41940, has compromised over 40,000 servers. This zero-day vulnerability allows unauthenticated attackers to gain administrative access, compromising configurations, databases, and websites. Exploitation began in late February, with a spike in activity following public disclosure. The Shadowserver Foundation reported significant numbers of affected systems, primarily in the US, France, and the Netherlands. Users are urged to update to patched versions of cPanel to mitigate risks and follow guidelines for identifying potential compromises.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]