News

Actively exploited cPanel bug exposes millions of websites to takeover

  • securityboulevard.com
  • published date: 2026-05-01 00:00:00 UTC


<p>The post <a href="https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover">Actively exploited cPanel bug exposes millions of websites to takeover</a> appeared first on <a href="https://www.malwarebytes.com/">Malwarebytes</a>.</p><p>Security researchers are <a href="https://techcrunch.com/2026/04/30/hackers-are-actively-exploiting-a-bug-in-cpanel-used-by-millions-of-websites/" rel="noreferrer noopener nofollow">warning</a> about a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM).</p><p>This is a critical, actively exploited authentication-bypass bug in cPanel/WHM that lets attackers gain administrative access to the interface without credentials, and potentially take over servers and all hosted sites.</p><p>The vulnerability, tracked as <a href="https://www.cve.org/CVERecord?id=CVE-2026-41940" rel="noreferrer noopener nofollow">CVE-2026-41940</a>, has been added to the <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" rel="noreferrer noopener nofollow">Known Exploited Vulnerabilities catalog</a> by the Cybersecurity and Infrastructure Security Agency (CISA), meaning there is evidence it is being used in real-world attacks.</p><p>Because cPanel/WHM is used by over <a href="https://trends.builtwith.com/websitelist/CPanel" rel="noreferrer noopener nofollow">a million sites</a> worldwide, including banks and health organizations, the potential impact is huge. 
In simple terms, the bug can act like a front‑door key to a big chunk of the web’s hosting infrastructure.</p><p><a href="https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026" rel="noreferrer noopener nofollow">cPanel released patches</a> on April 28, 2026, and urged all customers and hosts to update. It said all supported versions after 11.40 are affected, including DNSOnly and WP Squared.</p><p>Hosting providers including <a href="https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026/" rel="noreferrer noopener nofollow">Namecheap</a>, HostGator, and KnownHost temporarily blocked access to cPanel interfaces while patching, treating this as a critical authentication bypass and reporting exploit attempts going back to late February 2026.</p><h2 class="wp-block-heading" id="h-how-to-stay-safe">How to stay safe</h2><p>While it’s up to the hosting companies and website owners to patch as quickly as possible, there are ways to reduce your risk if a site you use is compromised.</p><p>As always, limit the data you share with websites to what’s absolutely necessary. Data they don’t have can’t be stolen.</p><p>When ordering from an online retailer, don’t tick the box to save your card details for future purchases as they will be stored on the server.</p><p>If there’s an option to check out as a guest, use it. It reduces the amount of personal data tied to an account.</p><p>Don’t reuse passwords. When one site is compromised, having the same credentials in several places turns it into a multi‑account takeover problem. A password manager can help you create complex unique passphrases, and remember them for you.</p><p>Where possible, pay by credit card. 
In many regions, this gives you stronger fraud protection.</p><h2 class="wp-block-heading" id="h-when-a-site-you-trust-gets-hacked">When a site you trust gets hacked</h2><p>If you think you’ve been <a href="https://www.malwarebytes.com/blog/personal/2023/09/involved-in-a-data-breach-heres-what-you-need-to-know" rel="noreferrer noopener">affected by a data breach</a>, take the following steps: </p><ul class="wp-block-list"> <li><strong>Check the company’s advice.</strong> Every breach is different, so check with the company to find out what’s happened and follow any specific advice it offers.</li> <li><strong>Change your password.</strong> You can make a stolen password useless to thieves by changing it. Choose a <a href="https://www.malwarebytes.com/computer/how-to-create-a-strong-password" rel="noreferrer noopener">strong password</a> that you don’t use for anything else. 
Better yet, let a <a href="https://www.malwarebytes.com/what-is-password-manager" rel="noreferrer noopener">password manager</a> choose one for you.</li> <li><strong>Enable <a href="https://www.malwarebytes.com/blog/news/2023/10/multi-factor-authentication-has-proven-it-works-so-what-are-we-waiting-for" rel="noreferrer noopener">two-factor authentication (</a><a href="https://www.malwarebytes.com/cybersecurity/basics/2fa" rel="noreferrer noopener">2FA</a></strong><strong>).</strong> If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.</li> <li><strong>Watch out for impersonators.</strong> The thieves may contact you posing as the breached platform. Check the official website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.</li> <li><strong>Take your time.</strong> Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.</li> <li><strong>Consider not storing your card details</strong>. 
It’s definitely more convenient to let sites remember your card details, but it increases risk if a retailer suffers a breach.</li> <li><strong>Set up <a href="https://www.malwarebytes.com/cybersecurity/basics/dark-web-monitoring" rel="noreferrer noopener">identity monitoring</a></strong>, which alerts you if your <a href="https://www.malwarebytes.com/cybersecurity/basics/pii" rel="noreferrer noopener">personal information</a> is found being traded illegally online and helps you recover after.</li> </ul><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.malwarebytes.com/">Malwarebytes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Malwarebytes">Malwarebytes</a>. Read the original post at: <a href="https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover">https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover</a> </p>