Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in ...

cPanel, WHM emergency update fixes critical auth bypass bug

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be ...
SecurityWeek

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

Over 40,000 servers have likely been compromised in ongoing attacks targeted at a recently patched cPanel zero-day.
Dark Reading

Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability

The authentication-bypass flaw has multiple proof-of-concept exploits, and one researcher claims there's been zero-day ...
SecurityWeek

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical-severity authentication bypass vulnerability in cPanel & WHM has been exploited as a zero-day since February 2026.