CPanel security patch release for CVE-2026-41940
Security Patch Release
Summary
Hide ▲
Show ▼
cPanel released security updates for cPanel and WHM after an authentication bypass flaw could let remote attackers reach control-panel access, with fixes now covering multiple supported builds and WP Squared 136.1.7. The update set spans several named releases, and cPanel told operators of unsupported versions to move to a supported build as soon as possible. Administrators were also told to apply the patch immediately, while temporary mitigations blocked 2083/2087/2095/2096 or stopped cpsrvd and cpdavd until deployment.
Cases
Related Happenings
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch Release
H score59
First: 09.06.2026 09:26
Last: 09.06.2026 09:26
Sources 1
About this happening:
BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch ReleaseAbout this happening: BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch Release
H score43
First: 06.06.2026 17:09
Last: 06.06.2026 17:09
Sources 1
About this happening:
The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch ReleaseAbout this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
SolarWinds security patch release for CVE-2026-28318
Security Patch Release
H score82
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
About this happening:
SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
SolarWinds security patch release for CVE-2026-28318
Security Patch ReleaseAbout this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
Nginx security patch release for CVE-2026-49975
Security Patch Release
H score42
First: 03.06.2026 22:08
Last: 03.06.2026 22:08
Sources 1
About this happening:
Vendors released fixes for the **HTTP/2 Bomb** DoS issue, closing a path that could let a **single client** exhaust server memory within seconds. The patch set covers **nginx 1.29...
Nginx security patch release for CVE-2026-49975
Security Patch ReleaseAbout this happening: Vendors released fixes for the **HTTP/2 Bomb** DoS issue, closing a path that could let a **single client** exhaust server memory within seconds. The patch set covers **nginx 1.29...
Timeline
-
04.05.2026 22:14 1 articles · 2mo ago
Rapid exploitation of CVE-2026-41940 targets cPanel, WHM, and WP Squared
Exploitation ObservedCVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.
Show sources
- Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability — www.darkreading.com — 04.05.2026 22:14
-
29.04.2026 12:37 1 articles · 2mo ago
Initial report: CPanel security patch release for CVE-2026-41940
Initial DisclosureOn **2026-04-29**, cPanel and WebPros published the first security update notice for supported **cPanel and WHM** versions, listing fixed builds and urging operators to upgrade eligible servers immediately.
Show sources
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately — thehackernews.com — 29.04.2026 12:37