Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Security researchers are sounding the alarm over a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM).
The vulnerability allows hackers to hack and control the servers running the affected software, which is believed to be used by millions of website owners worldwide.
Many web hosting companies have already created a system for their clients. But the cPanel developer urged customers to make sure their systems are patched as the bug affects them all types of software support.
cPanel and WHM are two sets of software used to manage servers that host websites, manage emails, and manage the necessary configurations and databases needed to maintain a web site. These two suites have access to the servers they control, allowing a malicious hacker to gain access to information that is run by the affected software.
This problem, commonly known as CVE-2026-41940allows malicious hackers to bypass its access barrier to gain access to the application’s administrator panel.
Considering the prevalence of cPanel and WHM software in the web development industry, hackers can compromise many websites that haven’t caught the bug.
The National Cybersecurity Agency of Canada said in counseling that the flaw could be used to disrupt websites on shared servers, such as large web hosting companies.
The agency said that “exploitation is possible” and that prompt action from cPanel customers, or their web hosts, is necessary to prevent malicious attacks.
Namecheap, which uses cPanel to allow customers to manage their servers, said the company blocked access to cPanel customer panels after learning of the bug to prevent exploitation, and to provide time. connecting the systems of its customers.
Hostgator also said he messed up his routine and sees the bug as a “critical authentication-bypass mechanism.”
A web hosting company says it found evidence that hackers had been exploiting the vulnerability for months before it happened.
KnowHost CEO Daniel Pearson said in a post on Reddit that his company has seen attempts to use this vulnerability since February 23. he said it also briefly started blocking client processes before applying patches.
According to Pearsonabout 30 servers at KnownHost showed signs of unauthorized testing among thousands of computers on its network. Pearson compared the efforts to efforts, and saw no signs of compromise. cPanel also reported he established security for WP Squared, a similar WordPress site management tool.
When you purchase through links in our articles, we can get a little work. This does not affect our authorship.