Hackers Exploiting Critical cPanel Vulnerability Worldwide, Thousands of Servers Targeted Under CVE-2026-41940

A critical security vulnerability in cPanel and WHM, one of the world’s most widely used web hosting control panels, has triggered a global cybersecurity alert after hackers began actively exploiting the flaw to gain unauthorized access to servers and websites.

The vulnerability, identified as CVE-2026-41940, allows attackers to bypass authentication protections and potentially take control of hosting servers without valid login credentials. Cybersecurity researchers say the flaw is already being used in real-world attacks targeting hosting providers, businesses, and website owners across multiple countries.

Timeline of Events:

• February 2026: Security experts believe the vulnerability may have first been exploited secretly by attackers.
• April 28, 2026: cPanel released emergency security patches and advisories for affected versions.
• April 29, 2026: The vulnerability was publicly disclosed under CVE-2026-41940.
• Early May 2026: Reports of mass exploitation, malware infections, phishing pages, and ransomware attacks started increasing globally.

According to cybersecurity firms, attackers are using the flaw to:

• Hijack hosting servers
• Inject malware into websites
• Create fake admin accounts
• Steal databases and customer information
• Redirect visitors to phishing or scam pages
• Launch ransomware attacks

Because a single cPanel server can host hundreds of websites, one successful breach can impact multiple businesses at the same time. Security researchers estimate that thousands of servers may already have been targeted worldwide. Hosting companies and security agencies are now urging administrators to immediately update cPanel and WHM installations, enable two-factor authentication, rotate passwords, and scan servers for suspicious activity. Experts have warned that organizations delaying updates could face website defacement, data theft, service outages, or complete server compromise.