cPanel and WHM emergency update for critical auth-bypass
Security Patch Release
Summary
WebPros International released an emergency update for cPanel and WHM to fix a critical authentication-bypass flaw that could expose supported installations to unauthorized control-panel access. The bulletin covers patched releases for the affected hosting software and directs administrators to run /scripts/upcp --force to retrieve the safe version. Because these tools are widely deployed for server and website management, prompt installation is important on internet-facing systems.
Cases
Related Happenings
Drupal core security update for CVE-2026-9082
Security Patch Release
First: 22.05.2026 16:14
Last: 22.05.2026 16:14
Sources 1
About this happening:
**Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...
Filemanager backdoor delivered on compromised cPanel environments
Malware Activity
First: 11.05.2026 20:54
Last: 11.05.2026 20:54
Sources 1
About this happening:
The **Filemanager** backdoor is being deployed on **compromised cPanel/WHM systems**, giving attackers **remote command execution** and shell access. It is delivered through a **s...
cPanel security patch release for CVE-2026-29201
Security Patch Release
First: 09.05.2026 10:16
Last: 09.05.2026 10:16
Sources 1
About this happening:
**cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
cPanel & WHM authentication-bypass exploitation wave (CVE-2026-41940)
Exploitation Wave
First: 04.05.2026 11:25
Last: 04.05.2026 11:25
Sources 1
About this happening:
Active exploitation of **CVE-2026-41940** is driving a **large cPanel & WHM compromise wave**, putting exposed servers at risk of administrative takeover. **More than 40,000 serve...
cPanel CVE-2026-41940 mitigation guidance
Advisory/Mitigation
First: 30.04.2026 14:40
Last: 30.04.2026 14:40
Sources 1
How related:
The vendor strongly recommends that all customers restart the ‘cpsrvd’ service after installing the latest releases of the software:
About this happening:
cPanel issued mitigation guidance for **CVE-2026-41940** after fixes became available for **cPanel, WHM, and WP Squared**, urging customers to restart **cpsrvd** to reduce exposur...
Timeline
29.04.2026 18:51 · 2 articles
Critical cPanel and WHM authentication bypass disclosure
Initial Disclosure
A critical vulnerability in cPanel and WHM could let an attacker gain unauthenticated access to the control panel on affected systems, which include all but the latest versions. Namecheap temporarily blocked access to ports 2083 and 2087 to protect customers until patches were available, and WebPros International issued an emergency update with patched releases 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, and 11.134.0.20. Administrators were advised to run /scripts/upcp --force, and unsupported versions of cPanel remained ineligible for security updates.
Sources:
- cPanel, WHM emergency update fixes critical auth bypass bug — www.bleepingcomputer.com — 29.04.2026 18:51
- Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks — www.bleepingcomputer.com — 03.05.2026 00:54