cPanel: Vulnerability Continues to Be Exploited — Thousands of Sites at Risk

Colleagues, please note: attacks against cPanel/WHM servers persist following discovery of a critical vulnerability.
- Shadowserver reports over 550,000 potentially vulnerable servers; approximately 2,000 instances are likely compromised (previously ~44,000).
- The flaw (CVE-2026-41940) permitted full control of the control panel; some sites displayed ransom demands with chat IDs.
- CISA added the vulnerability to KEV and urged patching by Sunday; providers indicate attacks may have been occurring since February.
Why it matters: unpatched panels risk takeover and data encryption. I recommend immediately verifying and updating cPanel/WHM, reviewing logs, and inventorying servers.
How do you plan to respond to this threat?
#cybersecurity #cPanel #WHM #infrastructure


Latest comments
No comments yet.