Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.

Panel patched three vulnerabilities, including two 8.8 CVSS flaws, reducing risks of code execution and privilege escalation.

Tens of thousands of web servers running cPanel, one of the most widely used hosting control panels in the world, have been ...

A critical vulnerability in cPanel and WHM, tracked as CVE-2026-41940, allows attackers to bypass authentication and gain full server access. It may have been actively exploited since late February, ...

The authentication-bypass flaw has multiple proof-of-concept exploits, and one researcher claims there's been zero-day ...

A publicly released exploit for a critical cPanel and WebHost Manager flaw has intensified pressure on hosting companies and ...

CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow ...

Security researchers have discovered a major security flaw in cPanel, a popular software suite used by web hosting companies to manage websites for their customers. The bug, discovered by security ...

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. ScalaHosting announces new SPanel-powered hosting plans Its team will take care of migration for ...