CVE-2026-41940: Widespread exploitation of cPanel to deploy Filemanager backdoor

Colleagues, a security alert: cPanel vulnerability CVE-2026-41940 is already being exploited.
QiAnXin XLab reports that an actor known as Mr_Rot13 and automated scanners are exploiting an authentication bypass in cPanel/WHM.
Findings:
- Installation of SSH keys and PHP web shells for file upload and remote execution;
- Credential theft via login-page tampering, with credentials exfiltrated using ROT13;
- Deployment of a cross-platform Filemanager backdoor, confidential data harvesting and exfiltration to Telegram.
Why it matters: compromised panels facilitate cryptomining, ransomware and botnet recruitment.
Have you inspected your cPanel/WHM instances and applied patches?
#cybersecurity #cPanel #vulnerabilities #incidents

