Find notable cyber news and cases, enriched with sources, timelines, and signals.

CPanel CVE-2026-41940 mitigation guidance

Advisory/Mitigation
First reported
Last updated
Happening score
H score 89
2 unique sources, 2 articles

Summary

Hide ▲

cPanel issued mitigation guidance for CVE-2026-41940 after fixes became available for cPanel, WHM, and WP Squared, urging customers to restart cpsrvd to reduce exposure. If patching is not immediately possible, operators should block external access to 2083, 2087, 2095, and 2096, or stop the cpsrvd and cpdavd core services. The vendor also provided a detection script and recommended purging sessions, resetting credentials, auditing logs, and checking for persistence if compromise indicators appear.

Cases

Related Happenings

CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)

Advisory/Mitigation
H score38 First: 16.06.2026 08:41 Last: 16.06.2026 08:41 Sources 1

About this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...

LiteSpeed User-End cPanel Plugin root script execution security flaw (CVE-2026-48172)

Vulnerability
H score48 First: 23.05.2026 10:35 Last: 23.05.2026 10:35 Sources 1

About this happening: **CVE-2026-48172** in the **LiteSpeed User-End cPanel Plugin** is now **actively exploited**, creating **root-level arbitrary script execution** risk for exposed cPanel systems. T...

NGINX rewrite-rule workaround for CVE-2026-42945

Advisory/Mitigation
H score23 First: 14.05.2026 18:43 Last: 14.05.2026 18:43 Sources 1

About this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
H score35 First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

About this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...

Latest development: 14.05.2026 16:00

Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

Filemanager backdoor delivered on compromised cPanel environments

Malware Activity
H score33 First: 11.05.2026 20:54 Last: 11.05.2026 20:54 Sources 1

About this happening: The **Filemanager** backdoor is being deployed on **compromised cPanel/WHM systems**, giving attackers **remote command execution** and shell access. It is delivered through a **s...

Timeline

  1. 30.04.2026 14:40 2 articles · 2mo ago

    CPanel CVE-2026-41940 mitigation guidance

    Initial Disclosure

    Once fixes for **CVE-2026-41940** were available, cPanel moved to containment guidance for affected hosting stacks. The advice centered on restarting **cpsrvd**, temporarily restricting service ports, and using the vendor detection script to look for compromise.

    Show sources