Security experts have raised alarms over a critical vulnerability affecting cPanel and WebHost Manager (WHM), widely used tools that power millions of websites worldwide.

The flaw, identified as CVE-2026-41940, allows attackers to bypass authentication systems and gain full administrative control of affected servers.
The vulnerability poses significant risks due to the widespread use of the software across the web hosting industry.

With access to server controls, malicious actors could potentially manipulate websites, extract sensitive data, and disrupt online services on a large scale.

Although many hosting providers have already deployed patches, users are being urged to update their systems immediately.
Canada’s national cybersecurity agency has warned that exploitation is “highly probable,” particularly on shared hosting environments where multiple websites rely on the same infrastructure.

Major hosting firms, including Namecheap and HostGator, have taken precautionary measures such as temporarily restricting access to control panels while implementing fixes. These steps are aimed at minimizing exposure during the patching process.

Reports indicate that the vulnerability may have been exploited for months before its public disclosure. Executives at KnownHost revealed that attempts to breach their systems date back to February, although no widespread compromise has been confirmed.

The incident underscores ongoing challenges in cybersecurity, particularly as widely adopted infrastructure tools become high-value targets. Experts continue to emphasize the importance of timely updates and proactive monitoring to mitigate emerging threats.

Source: TechCrunch