Hackers are already trying to take advantage of a newly discovered authentication bug in cPanel and WebHost Manager (WHM), which are popular tools for managing web servers, websites, email, and domain settings.
This flaw could let attackers bypass the login screen and gain “full access” to the admin panel. cPanel released security updates to fix an issue affecting “various authentication paths” that could let attackers into the control panel software.
A critical bug in infrastructure used across the web
This issue is especially serious because cPanel and WHM are used by so many people.
TechCrunch said the software is thought to be used by tens of millions of website owners around the world, so a flaw can affect much more than just one company or website.
The bug was identified as CVE-2026-41940, which lets hackers “remotely bypass its login screen.”
The Hacker News also said the problem affects all supported versions of cPanel and WHM.
cPanel has already issued patched versions, including 11.86.0.41, 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.130.0.19, 11.132.0.29, 11.136.0.5, and 11.134.0.20.
The Hacker News also quoted cPanel as warning that if a server is not running a supported version eligible for the update, administrators should move toward upgrading “as soon as possible,” since those systems may also be affected.
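For administrators checking a fleet against the patched builds listed above, here is an added example (not a cPanel tool and not code from the reports cited here). It assumes each listed build is the first fixed build on its release tier, and the host names and installed versions are constructed.

```python
# Patched builds are copied from the article; the hosts and installed
# versions in SAMPLE_INVENTORY are constructed for illustration.
import re

PATCHED_BUILDS = [
    "11.86.0.41", "11.110.0.97", "11.118.0.63", "11.126.0.54",
    "11.130.0.19", "11.132.0.29", "11.134.0.20", "11.136.0.5",
]
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return the four dotted fields as a tuple of ints, or raise ValueError."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

# Assumption: a tier is the first three fields, and the listed build is the
# minimum fixed build for that tier.
FIXED = {parse_version(v)[:3]: parse_version(v)[3] for v in PATCHED_BUILDS}

def classify(installed):
    """Return 'patched', 'vulnerable', 'unlisted' or 'invalid' for one version."""
    try:
        ver = parse_version(installed)
    except ValueError:
        return "invalid"
    tier, build = ver[:3], ver[3]
    if tier not in FIXED:
        # No patched build is listed for this tier; per the quoted cPanel
        # warning such servers may also be affected and should be upgraded.
        return "unlisted"
    # Integer comparison: build 9 is older than build 29, which a plain
    # string comparison would get wrong.
    return "patched" if build >= FIXED[tier] else "vulnerable"

def audit(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    return {h: s for h, v in inventory.items()
            if (s := classify(v)) != "patched"}

SAMPLE_INVENTORY = {  # constructed data
    "web01": "11.110.0.97", "web02": "11.110.0.96",
    "web03": "11.136.0.5", "web04": "11.102.0.31",
    "web05": "11.132.0.9", "web06": "110.0 build 97",
}
```

Calling `audit(SAMPLE_INVENTORY)` returns only the hosts that need attention; an `invalid` result means the version string should be re-collected rather than treated as safe.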
Evidence suggests attackers were already probing the flaw
The most worrying part of the story is that exploitation does not appear to be merely theoretical.
TechCrunch reported that one web-hosting provider said it found signs that hackers had been abusing the vulnerability for months before the flaw became public.
The report cited KnownHost CEO Daniel Pearson, who said his company had seen attempts to exploit the bug as far back as February 23.
Pearson said around 30 servers out of KnownHost’s broader fleet showed signs of attempted unauthorized access, though he said the company had not seen signs of successful active compromise.
Because hackers are already trying to exploit the bug, national cybersecurity agencies have acted quickly.
Canada’s national cybersecurity agency warned the flaw could be used to compromise websites on shared-hosting servers and said “exploitation is highly probable.”
The agency urged cPanel customers and web hosts to take immediate action.
Hosting companies rushed to lock down customer panels
Several major hosting companies have already taken action.
Namecheap temporarily blocked customer access to cPanel after learning about the flaw, to prevent attacks while patches were installed.
The same report said HostGator patched its systems and called the issue a “critical authentication-bypass exploit.” These actions show that hosting providers see the bug as a serious risk to customer infrastructure, not just a routine software problem.
This is important because cPanel and WHM control much more than just website files. The software has “deep-access” to the servers it manages.
This means a successful attacker could get into hosted data, email settings, databases, and domain management. In other words, a breach could give someone control over not just one website, but many key systems linked to that server account.
Why this bug is especially dangerous
This incident shows a common problem with internet infrastructure: many tools that keep websites running are mostly unnoticed until something goes wrong. cPanel is not a well-known brand like Google or Microsoft, but it is a key part of the hosting world.
That means any serious bug in its authentication system is a big target for attackers who want broad access with little effort.
For server owners and hosting customers, the advice is clear. If your system is not patched, update it right away. If your hosting provider manages your environment, make sure they have already applied the fix.
With a vulnerability affecting so many websites, waiting is not just risky. It could be exactly what attackers are hoping for.