MDR
Solutions
Partners
About
Resources
Affected Environment
Internet-facing WHM, cPanel, and WP Squared instances on Linux hosting infrastructure are exposed. Around 1.5M cPanel systems appear online.
Threat Overview
CVE-2026-41940 allows unauthenticated attackers to gain full administrative access and remote code execution. Active exploitation and ransomware observed.
Exposure Timeline
Exploitation began on 23 Feb 2026. cPanel released emergency fixes on 28 Apr 2026. CISA added the flaw to the KEV catalog after exploitation was confirmed.
Attack Surface
Publicly accessible WHM/cPanel interfaces and WP Squared deployments present the main risk. Shodan shows large numbers of potentially exposed cPanel hosts.
Technical Root Cause
A login-flow bug in cpsrvd lets attackers craft session files by abusing cookie handling and header injection. This bypasses normal authentication checks.
Exploitation Pathway
Attackers send a few crafted HTTP requests without credentials, manipulate the session cookie, and obtain WHM API admin access, enabling root-level commands.
Operational Impact
An attacker can control the cPanel host, its configuration, databases, and managed websites. Observed impact includes server compromise and Linux encryptor deployment.
Strategic Impact
Compromise of hosting control planes can cascade across many sites and customers. This directly threatens service availability, data integrity, and trust.
Required Mitigation
Promptly apply vendor patches for all affected cPanel, WHM, and WP Squared versions after testing. Strengthen vulnerability and patch management processes.
Incident Response Guidance
Identify and patch all exposed instances first. Then review logs for suspicious access and encryption activity, and follow standard response and recovery procedures.
References
Use vendor guidance and trusted analyses to validate exposure and fixes. Key sources include cPanel advisories, CISA KEV, and technical write-ups on CVE-2026-41940.
Trusted by clients worldwide
Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.
.jpg)