Security researchers have raised concerns regarding a critical vulnerability in the web server management software cPanel and WebHost Manager (WHM). This flaw, identified as CVE-2026-41940, allows hackers to bypass the login interface and gain full control over affected servers, potentially impacting millions of websites globally.
Commercial hosting providers have already implemented patches for their systems, yet cPanel has urged all users to verify that their installations are updated, as the vulnerability affects all supported software versions. The Canadian national cybersecurity agency emphasized the risk, stating that exploitation is likely, particularly on shared hosting environments.
Web hosting provider Namecheap has proactively restricted access to its customers' cPanel panels to mitigate potential attacks. Similarly, HostGator has classified the issue as a critical authentication-bypass exploit and has patched its systems accordingly. Notably, KnownHost CEO Daniel Pearson reported that attempts to exploit this vulnerability may have been occurring since February 23, prompting his company to take preventive measures.