cPanel CVE-2026-41940 likely compromised about 2,000 servers CISA warned agencies
A major bug in cPanel and WebHost Manager (WHM) has let hackers break into around 2,000 cPanel instances likely compromised.
This flaw, called CVE-2026-41940, was made public last week, down from a peak of 44,000 hacked servers reported on April 30.
The Cybersecurity and Infrastructure Security Agency (CISA) flagged it as a serious risk and told government agencies to patch by May 3.
Hackers exploited cPanel flaw for ransomware
Hackers used this vulnerability to spread ransomware, locking up files on websites. Some sites have bounced back since then.
Security researchers say the attacks actually started before the bug was announced; KnownHost spotted weird activity as early as February.
Google search results reveal just how widespread these hacks are. To fix things, cPanel alerted users to the critical flaw. More than 550,000 servers are still at risk. It's definitely time for users to act fast.