Critical cPanel and WHM bug exploited as a zero-day, PoC now available

146

•

Critical cPanel and WHM bug exploited as a zero-day, PoC now available (www.bleepingcomputer.com)

From the post:

>The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. It is unclear when exploitation started, but KnownHost, a hosting provider that uses cPanel, said the day the vulnerability was disclosed that "successful exploits have been seen in the wild" before a fix became available.

Archive: https://archive.today/lleVy From the post: >>The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. It is unclear when exploitation started, but KnownHost, a hosting provider that uses cPanel, said the day the vulnerability was disclosed that "successful exploits have been seen in the wild" before a fix became available.

Be the first to comment!

Login or register