www.malwarebytes.com 5/1/2026, 11:33:05 AM · external

Critical cPanel WHM bypass lets attackers hijack admin access



First seen 2026-04-29T22:19:56.188Z · Last seen 2026-05-07T23:32:47.959Z

CyberSIXT Evidence Panel
Primary Source: support.cpanel.net
CISA KEV: Listed in KEV
Patch: Patch Available

Security researchers have identified a critical authentication-bypass vulnerability (CVE-2026-41940) in cPanel and WebHost Manager (WHM) affecting millions of websites. Attackers can exploit this flaw to gain administrative access without credentials, which poses significant risks, especially as cPanel is widely used by banks and health organizations. Patches were released on April 28, 2026, and users are urged to update their systems.

Hosting providers like Namecheap and HostGator have temporarily restricted cPanel access during this period. Users are advised to limit data sharing, avoid saving payment details online, use unique passwords with a password manager, and consider identity monitoring services.


Article by CyberSIXT
