Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day

Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication ...
SecurityWeek

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical-severity authentication bypass vulnerability in cPanel & WHM has been exploited as a zero-day since February 2026.

Hackers are actively exploiting a bug in cPanel, used by millions of websites

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug ...

New cPanel patch addresses CRLF injection flaw that could grant root server access

The vulnerability has been given a severity score of 9,8, and administrators should patch immediately.
GovInfoSecurity

Attacks Surge Against Vulnerable cPanel and WHM Software

Tens of thousands of online dashboards controlling servers and web hosting accounts appear to have been compromised by ...
TELL Magazine

CRITICAL ALERT: 1.5 Million cPanel Servers Exposed to Passwordless Hack — Cybercriminals Had Full Access for Over 2 Months

A critical cPanel vulnerability (CVE-2026-41940) exposed up to 1.5 million servers to passwordless takeover for over two ...