VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

CVE-2026-41940: Widespread exploitation of cPanel to deploy Filemanager backdoor

CVE-2026-41940: массовая эксплуатация cPanel для установки бэкдора Filemanager

Colleagues, a security alert: cPanel vulnerability CVE-2026-41940 is already being exploited.

QiAnXin XLab reports that an actor known as Mr_Rot13 and automated scanners exploit an authentication bypass in cPanel/WHM.

Findings:
- Installation of SSH keys and PHP web shells for file upload and remote execution;
- Credential theft via login-page tampering with credentials exfiltrated using ROT13;
- Deployment of a cross-platform Filemanager backdoor, confidential data harvesting and exfiltration to Telegram.

Why it matters: compromised panels facilitate cryptomining, ransomware and botnet recruitment.

Have you inspected your cPanel/WHM instances and applied patches?

#cybersecurity #cPanel #vulnerabilities #incidents

Latest comments

No comments yet.