A critical authentication bypass flaw in cPanel software products has come under heavy exploitation from a variety of threat actors shortly after public disclosure, putting millions of websites at risk via tens of thousands of compromised instances.

On April 28, the software vendor, which specializes in Web hosting control-panel software, issued a security update to address a vulnerability affecting all supported versions of cPanel, WebHost Manager (WHM), and WP Squared products. On April 29, the flaw was identified as CVE-2026-41940 and assigned a critical CVSS score of 9.8. On the same day, WatchTowr Labs published a proof-of-concept (PoC) exploit and a technical analysis of the vulnerability, which researchers described as a "disaster" flaw that allows attackers to gain administrative access and take over servers and hosted websites.

The plot thickened considerably when KnownHost, which offers managed cPanel hosting, flagged CVE-2026-41940 as a zero-day vulnerability, with approximately 30 servers showing signs of attempted exploitation. In follow-up posts on Reddit, KnownHost CEO Daniel Pearson confirmed the vulnerability had been exploited for "at least for the last 30 days," with signs of attempts as far back as Feb. 23.

Meanwhile, Internet scanning from Censys showed the cPanel flaw came under attack from multiple threat actors within 24 hours of disclosure, illustrating once again that security teams these days have little time to patch critical flaws before exploitat...
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
Dark Reading · Rob Wright · Published May 4, 2026
Affected Software
3 affected components
Vendor: cPanel; product: cPanel; versions: all supported versions
Vendor: cPanel; product: WebHost Manager (WHM); versions: all supported versions
Vendor: cPanel; product: WP Squared; versions: all supported versions
Frequently Asked Questions
1. What vulnerability is discussed in the article?
The article discusses a critical authentication bypass vulnerability in cPanel software products.
2. What is the impact of the cPanel vulnerability?
The vulnerability puts millions of websites at risk due to its exploitation by various threat actors.
3. Which cPanel products are affected by the vulnerability?
The affected cPanel products include cPanel, WebHost Manager (WHM), and WP Squared.
4. How soon after disclosure did the exploitation start?
The exploitation of the vulnerability began shortly after its public disclosure.
5. Who are the threat actors taking advantage of this vulnerability?
The article notes that a variety of threat actors are exploiting the critical flaw in cPanel.