cPanel has released security updates for an authentication vulnerability affecting all supported versions of cPanel and WebHost Manager (WHM) that could allow unauthorized control panel access. The issue was disclosed by WebPros and lacks an official CVE identifier. Details regarding affected versions and patches are being managed through vendor communications.
Original (en)
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions of cPanel and WebHost Manager (WHM), according to an alert published by WebPros on Tuesday. It does not have an official identifier. The issue has been addressed in
Published
Apr 29, 2026, 03:37 PM UTC
14d ago
Significance
CISA added CVE-2026-41940, a missing authentication vulnerability in WebPros cPanel & WHM and WP2 (WordPress Squared), to its Known Exploited Vulnerabilities Catalog based on active exploitation evidence. The vulnerability is classified as a critical function bypass and represents a frequent attack vector for malicious actors. CISA urges all organizations to prioritize remediation as part of their vulnerability management practices, with federal agencies required to remediate by applicable due dates under BOD 22-01.
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. [...]
GovGuam probes cyberattack HAGATNA, 04 MAY 2026 (PACIFIC ISLAND TIMES)—Guam Governor Lou Leon Guerrero has ordered an investigation into a suspected cyberattack affecting government of Guam websites, a global incident linked to a critical zero-day vulnerability targeting cPanel-hosted websites. “Preliminary information indicates that multiple guam.gov websites may be affected as part of a broader global event impacting systems […] The post GovGuam probes cyberattack appeared first on Island Times News .
d47fc87f…openwatch.io →