cPanel & WHM face critical zero-day authentication bypass vulnerability
Updated
Updated · watchTowr Labs · Apr 29
cPanel & WHM face critical zero-day authentication bypass vulnerability
8 articles · Updated · watchTowr Labs · Apr 29
watchTowr Labs disclosed CVE-2026-41940, affecting all supported cPanel & WHM versions, with in-the-wild exploitation confirmed by KnownHost.
The vulnerability allows attackers to bypass authentication via improper session handling and password encoding, compromising control panel access across over 70 million domains.
cPanel released urgent patches for all affected versions, while hosting providers like Namecheap applied fixes and temporarily blocked key ports to mitigate risks and prevent unauthorized access.
What are the tell-tale signs your server was already compromised by the cPanel exploit before the patch was applied?
Providers blocked ports to stop the cPanel hack, but what hidden risks does this drastic defense create for businesses?
SSL certificates now last only 200 days. How does this intensify pressure on already strained server administrators?
When a breach occurs, where does a hosting provider's 'Shared Responsibility' end and the customer's liability begin?
With AI-driven attacks rising, is the traditional software patch cycle now dangerously slow for critical internet infrastructure?
Why do critical authentication flaws, the top cause of breaches, still plague major software platforms in 2026?