Critical cPanel WHM flaw CVE-2026-41940 allows hackers access, customers urged

Technology May 01, 2026

A major security flaw in cPanel and WebHost Manager (WHM) is letting hackers sneak past login screens and access servers without permission.
This bug (CVE-2026-41940) could put millions of websites in danger, so cybersecurity experts and cPanel's team are urging cPanel customers and their web hosts to update their systems as soon as possible.

Hosts patch and limit cPanel access

Web hosting providers moved fast: Namecheap temporarily limited cPanel access so customers could patch things up, while Hostgator called it a "critical authentication-bypass exploit" and said it patched its systems.
KnownHost even blocked system access for a bit after spotting suspicious activity on about 30 servers, showing just how important quick updates are when vulnerabilities like this pop up.