www.malwarebytes.com 5/1/2026, 11:33:05 AM · external

Critical cPanel WHM bypass lets attackers hijack admin access

Critical cPanel WHM bypass lets attackers hijack admin access
Developing story vulnerability 8 articles tracked
Critical cPanel authentication bypass (CVE-2026-41940) exploited worldwide
CyberSIXT Evidence Panel
Primary Source support.cpanel.net
CISA KEV Listed in KEV
Patch Patch Available

SECURITY researchers have identified a critical authentication-bypass vulnerability (CVE-2026-41940) in cPanel and WebHost Manager (WHM) affecting millions of websites. Attackers can exploit this flaw to gain administrative access without credentials, posing significant risks, especially as cPanel is widely used by banks and health organizations. Patches were released on April 28, 2026, and users are urged to update their systems.

Hosting providers like Namecheap and HostGator have temporarily restricted cPanel access during this period. Users are advised to limit data sharing, avoid saving payment details online, use unique passwords with a password manager, and consider identity monitoring services.

View Primary Source Via www.malwarebytes.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline