CPanel CVE-2026-41940 mitigation guidance
Advisory/Mitigation
Summary
Hide ▲
Show ▼
cPanel issued mitigation guidance for CVE-2026-41940 after fixes became available for cPanel, WHM, and WP Squared, urging customers to restart cpsrvd to reduce exposure. If patching is not immediately possible, operators should block external access to 2083, 2087, 2095, and 2096, or stop the cpsrvd and cpdavd core services. The vendor also provided a detection script and recommended purging sessions, resetting credentials, auditing logs, and checking for persistence if compromise indicators appear.
Cases
Related Happenings
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
LiteSpeed User-End cPanel Plugin root script execution security flaw (CVE-2026-48172)
Vulnerability
H score48
First: 23.05.2026 10:35
Last: 23.05.2026 10:35
Sources 1
About this happening:
**CVE-2026-48172** in the **LiteSpeed User-End cPanel Plugin** is now **actively exploited**, creating **root-level arbitrary script execution** risk for exposed cPanel systems. T...
LiteSpeed User-End cPanel Plugin root script execution security flaw (CVE-2026-48172)
VulnerabilityAbout this happening: **CVE-2026-48172** in the **LiteSpeed User-End cPanel Plugin** is now **actively exploited**, creating **root-level arbitrary script execution** risk for exposed cPanel systems. T...
NGINX rewrite-rule workaround for CVE-2026-42945
Advisory/Mitigation
H score23
First: 14.05.2026 18:43
Last: 14.05.2026 18:43
Sources 1
About this happening:
**F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...
NGINX rewrite-rule workaround for CVE-2026-42945
Advisory/MitigationAbout this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
H score35
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
VulnerabilityAbout this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Latest development: 14.05.2026 16:00
Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
Filemanager backdoor delivered on compromised cPanel environments
Malware Activity
H score33
First: 11.05.2026 20:54
Last: 11.05.2026 20:54
Sources 1
About this happening:
The **Filemanager** backdoor is being deployed on **compromised cPanel/WHM systems**, giving attackers **remote command execution** and shell access. It is delivered through a **s...
Filemanager backdoor delivered on compromised cPanel environments
Malware ActivityAbout this happening: The **Filemanager** backdoor is being deployed on **compromised cPanel/WHM systems**, giving attackers **remote command execution** and shell access. It is delivered through a **s...
Timeline
-
30.04.2026 14:40 2 articles · 2mo ago
CPanel CVE-2026-41940 mitigation guidance
Initial DisclosureOnce fixes for **CVE-2026-41940** were available, cPanel moved to containment guidance for affected hosting stacks. The advice centered on restarting **cpsrvd**, temporarily restricting service ports, and using the vendor detection script to look for compromise.
Show sources
- Critical cPanel and WHM bug exploited as a zero-day, PoC now available — www.bleepingcomputer.com — 30.04.2026 14:40
- Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability — www.darkreading.com — 04.05.2026 22:14