Heads up to anyone still running cPanel servers
There’s a critical vulnerability (CVE-2026-41940) affecting cPanel & WHM that allows unauthenticated attackers to bypass login and gain full admin access. It’s rated very high severity (CVSS 9.8) and is already being actively exploited in the wild.
This one is serious, if your server is exposed, it can lead to full compromise (sites, databases, everything).
Update immediately to the latest patched version.
Don’t rely on temporary mitigations, patching is strongly recommended.
More info:
https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
