{"id":208533,"date":"2026-05-04T11:43:00","date_gmt":"2026-05-04T15:43:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/04\/critical-vulnerability-in-cpanel-leads-to-widespread-exploitation\/"},"modified":"2026-05-04T12:00:11","modified_gmt":"2026-05-04T16:00:11","slug":"critical-vulnerability-in-cpanel-leads-to-widespread-exploitation","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/04\/critical-vulnerability-in-cpanel-leads-to-widespread-exploitation\/","title":{"rendered":"Critical vulnerability in cPanel leads to widespread exploitation"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-vulnerability-cpanel-widespread-exploitation\/819208\/\">Critical vulnerability in cPanel leads to widespread exploitation<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-vulnerability-cpanel-widespread-exploitation\/819208\/\">https:\/\/www.cybersecuritydive.com\/news\/critical-vulnerability-cpanel-widespread-exploitation\/819208\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-04 11:43:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>A critical vulnerability in cPanel is facing widespread exploitation across the globe, researchers warn.\u00a0<br \/>\nThe vulnerability, tracked as CVE-2026-41940, is an authentication bypass flaw in the login process that could allow a remote attacker to gain access to the control panel.<br \/>\nThe potential risk is significant, as cPanel and WHM act as web hosting control panel software for more than 70 million domains, according to researchers. WHM acts as the administrative interface and cPanel\u00a0serves as the user-facing panel for individual accounts, says watchTowr, which released a proof-of-concept of the vulnerability.<br \/>\ncPanel urged users to apply immediate security upgrades and warned the vulnerability affects all versions after 11.40.<br \/>\nKnownHost said it has begun blocking cPanel and WHM login ports across the KnownHost network as a precautionary measure.\u00a0<\/p>\n<p>Shadowserver Foundation on Friday reported more than 44,000 IPs were likely compromised. Researchers said the data was based on a spike in scanning, exploits and brute force attacks against its honeypot sensors.\u00a0<br \/>\nShadowserver reported more than 572,000 exposed instances across the globe as of Sunday, with more than 391,000 in North America.\u00a0<br \/>\nThe Cybersecurity and Infrastructure Security Agency on Thursday added the flaw to its Known Exploited Vulnerabilities catalog.\u00a0<br \/>\nResearchers at Defused see continued increases in threat activity, identifying more than 1,000 exploitation attempts since the vulnerability was disclosed.\u00a0<br \/>\n\u201cA lot of it revolves around building persistence into the systems by modifying or adding the attackers own credentials, and also some remote code execution activity,\u201d Simo Kohonen, founder and CEO of Defused, told Cybersecurity Dive.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical vulnerability in cPanel leads to widespread exploitation https:\/\/www.cybersecuritydive.com\/news\/critical-vulnerability-cpanel-widespread-exploitation\/819208\/ Publish Date: 2026-05-04 11:43:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":208534,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/afc2cT_wSNTtwgDLyekW2DaGlttgGcLfOIokJ5DtZOQ\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMTUxOTA0NTc5XzEuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-208533","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208533"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=208533"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208533\/revisions"}],"predecessor-version":[{"id":208535,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208533\/revisions\/208535"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/208534"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=208533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=208533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=208533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}