{"id":12592,"date":"2026-05-04T10:03:44","date_gmt":"2026-05-04T10:03:44","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/05\/04\/cisa-warns-of-cpanel-whm-vulnerability-exploited-in-attacks\/"},"modified":"2026-05-04T10:03:44","modified_gmt":"2026-05-04T10:03:44","slug":"cisa-warns-of-cpanel-whm-vulnerability-exploited-in-attacks","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/05\/04\/cisa-warns-of-cpanel-whm-vulnerability-exploited-in-attacks\/","title":{"rendered":"CISA Warns of cPanel &amp; WHM Vulnerability Exploited in Attacks"},"content":{"rendered":"\n<div>CISA Warns of cPanel &#038; WHM Vulnerability Exploited in Attacks<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw affecting widely used web hosting management platforms.<\/p>\n<p>CISA recently added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively abusing it in real-world attacks.<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/cpanel-0-day-authentication-bypass-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">Tracked as CVE-2026-41940<\/a>, the defect targets WebPros cPanel &amp; WHM (WebHost Manager) as well as WP2 (WordPress Squared).<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-understanding-the-authentication-bypass-flaw\"><strong>Understanding the Authentication Bypass Flaw<\/strong><\/h2>\n<p>CVE-2026-41940 is officially classified as a \u201cMissing Authentication for Critical Function\u201d vulnerability, mapped to the weakness identifier CWE-306.<\/p>\n<p>The security gap exists directly within the login flow of the affected products.<\/p>\n<p>Because the software fails to properly verify user identities during the authentication process, unauthenticated remote attackers can bypass security checks completely.<\/p>\n<p>This means a cybercriminal does not need valid usernames or passwords to break in.<\/p>\n<p>Instead, they can <a href=\"https:\/\/cybersecuritynews.com\/cpanelsniper-poc-exploit\/\" target=\"_blank\" rel=\"noreferrer noopener\">exploit the login mechanism<\/a> to instantly gain unauthorized administrative access to the hosting control panel.<\/p>\n<p>WebPros cPanel &amp; WHM is a popular suite that simplifies website and server management, while WP2 provides streamlined WordPress operations.<\/p>\n<p>Control panels are highly attractive targets for attackers because they serve as the administrative backbone for thousands of websites, databases, and server configurations.<\/p>\n<p>The widespread adoption of these tools means a single flaw can expose countless domains to immediate compromise.<\/p>\n<p>Once an attacker bypasses the login screen, they effectively hold the keys to the kingdom.<\/p>\n<p>They can modify website files, steal sensitive database information, reroute web traffic, or establish persistent backdoors for future access.<\/p>\n<p>While CISA notes that it is currently unknown if this specific vulnerability is tied to ongoing ransomware campaigns, the risk remains severe.<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/cpanel-vulnerability-exploited\/\" target=\"_blank\" rel=\"noreferrer noopener\">Compromised hosting environments are frequently weaponized<\/a> to host phishing pages, run cryptomining scripts, or launch coordinated attacks against other networks.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-required-mitigations-and-deadlines\"><strong>Required Mitigations and Deadlines<\/strong><\/h2>\n<p>To counter this active threat, CISA mandates immediate action from federal agencies, and private organizations are strongly encouraged to adopt the same protective measures.<\/p>\n<p>Security teams and system administrators should prioritize the following steps:<\/p>\n<ul class=\"wp-block-list\">\n<li>Apply the latest security patches provided by the vendor immediately to secure the login flow.<\/li>\n<li>Follow the security guidance outlined in CISA\u2019s Binding Operational Directive (BOD) 22-01 specifically regarding cloud services.<\/li>\n<li>Discontinue the use of the vulnerable product entirely if updates or practical mitigations are unavailable for your specific environment.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-41940\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CISA originally added this vulnerability to the KEV catalog<\/a> on April 30, 2026, and set a strict remediation deadline of May 3, 2026.<\/p>\n<p>Because this deadline has already passed, organizations that have not yet patched their systems must treat this as a critical incident response priority.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/cpanel-whm-vulnerability-exploited\/\">CISA Warns of cPanel &amp; WHM Vulnerability Exploited in Attacks<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/cpanel-whm-vulnerability-exploited\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Warns of cPanel &#038; WHM Vulnerability Exploited in Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw affecting widely used web hosting management platforms. CISA recently added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively abusing it [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,648],"tags":[130],"class_list":["post-12592","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/12592"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=12592"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/12592\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=12592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=12592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=12592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}