SecAlerts
cpanel

Security Risk Profile

85/100 (critical)

Security Risk Score

Comprehensive risk assessment based on 442 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from July 10, 2003 to present

Total CVEs: 442
Critical+High: 130
Exploited: 6
Unpatched: 125

Threat Assessment

Avg CVSS: 6.2 (base severity)
Avg EPSS: 0% (exploit probability)
Unpatched: 125 (Critical/High)
Risk Level: 85/100 (critical)

⚠️ 6 Active Exploits | 3 Zero-Days | 🆕 1 Fresh (<7d) | 📈 10 in Last 30 Days

Severity Distribution

Critical: 38
High: 92
Medium: 257
Low: 43

Exploit Likelihood

>50% chance: 0
20-50%: 0
5-20%: 0
<5%: 0

Common Weaknesses (CWE)

1. XSS: 114
2. Input Validation: 72
3. Infoleak: 30
4. SQL Injection: 9
5. Path Traversal: 7

Most Affected Products

1. Cpanel Cpanel: 1336
2. Cpanel WHM: 126
3. Cpanel WebHost Manager: 28
4. Cpanel cPanel & WHM: 3
5. Cpanel WebHost Manager (WHM): 3

Recent Vulnerabilities

https://reddit.com/r/netsec/comments/1th9bpu/new_age_of_collisions_reading_arbitrary_files/
unknown

New Age of Collisions: Reading Arbitrary Files Pre-Auth as root in cPanel (CVE-2026-29205)

5/19/2026 | 🔧 No Patch

CVE-2026-29203
CVSS 5.3 (medium)
5/8/2026 | 🔧 No Patch

darkreading-20260504191414
unknown

Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability

5/4/2026 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch

bleepingcomputer-20260502215400
unknown

Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks

5/2/2026 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch

https://www.theregister.com/2026/05/01/critical_cpanel_vuln_hits_cisa/
unknown

First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed

5/1/2026 | ⚠ Exploited | 🔧 No Patch

https://www.bleepingcomputer.com/news/security/critical-cpanel-and-whm-bug-exploited-as-a-zero-day-poc-now-available/
unknown

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

4/30/2026 | ⚠ Exploited | 🔧 No Patch

https://www.theregister.com/2026/04/30/cpanel_whn_cves/
unknown

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

4/30/2026 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch

https://reddit.com/r/netsec/comments/1szqnax/high_fidelity_check_for_the_cpanel_authentication/
unknown

High Fidelity Check for the cPanel Authentication Bypass (CVE-2026-41940)

4/30/2026 | 🔧 No Patch

https://reddit.com/r/netsec/comments/1sz5aoi/the_internet_is_falling_down_falling_down_falling/
unknown

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs

4/29/2026 | 🔧 No Patch

CVE-2026-41940
CVSS 9.3 (critical)

WebPros cPanel and WHM Authentication Bypass via Login Flow

4/29/2026 | ⚠ Exploited

© 2026 SecAlerts Pty Ltd. All rights reserved.