Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CPanel CVE-2026-41940 mitigation guidance

Advisory/Mitigation
First reported
Last updated
Happening score
H score 59
2 unique sources, 2 articles

Summary

Hide ▲

cPanel issued mitigation guidance for CVE-2026-41940 after fixes became available for cPanel, WHM, and WP Squared, urging customers to restart cpsrvd to reduce exposure. If patching is not immediately possible, operators should block external access to 2083, 2087, 2095, and 2096, or stop the cpsrvd and cpdavd core services. The vendor also provided a detection script and recommended purging sessions, resetting credentials, auditing logs, and checking for persistence if compromise indicators appear.

Cases

CVE-2026-41940 exploitation pushes cPanel and WHM remediation (6)

Related Happenings

LiteSpeed User-End cPanel Plugin root script execution security flaw (CVE-2026-48172)

Vulnerability
First: 23.05.2026 10:35 Last: 23.05.2026 10:35 Sources 1

About this happening: **CVE-2026-48172** in the **LiteSpeed User-End cPanel Plugin** is now **actively exploited**, creating **root-level arbitrary script execution** risk for exposed cPanel systems. T...

Open Happening

NGINX rewrite-rule workaround for CVE-2026-42945

Advisory/Mitigation
First: 14.05.2026 18:43 Last: 14.05.2026 18:43 Sources 1

About this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...

Open Happening

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

About this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...

Latest development: 14.05.2026 16:00

Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

Open Happening

Filemanager backdoor delivered on compromised cPanel environments

Malware Activity
First: 11.05.2026 20:54 Last: 11.05.2026 20:54 Sources 1

About this happening: The **Filemanager** backdoor is being deployed on **compromised cPanel/WHM systems**, giving attackers **remote command execution** and shell access. It is delivered through a **s...

Open Happening

CPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Open Happening

Timeline

  1. 30.04.2026 14:40 2 articles · 27d ago

    CPanel CVE-2026-41940 mitigation guidance

    Initial Disclosure

    Once fixes for **CVE-2026-41940** were available, cPanel moved to containment guidance for affected hosting stacks. The advice centered on restarting **cpsrvd**, temporarily restricting service ports, and using the vendor detection script to look for compromise.

    Show sources
    Open in new tab