
Critical cPanel Vulnerability CVE-2026-41940 Exploited Now

By Steven | TrustYourWebsite · 22 May 2026 · 2 min read

Source: The Register — Security

A serious security flaw in cPanel, one of the most widely used website hosting control panels, is being actively exploited by attackers, according to The Register. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability, tracked as CVE-2026-41940, to its Known Exploited Vulnerabilities catalog, confirming that real attacks are already underway.

What is the vulnerability?

According to The Register, CVE-2026-41940 carries a CVSS severity score of 9.8 out of 10, making it a near-worst-case flaw. It reportedly affects all supported versions of cPanel and WHM released after version 11.40, as well as WP Squared, a WordPress management layer built on the same platform. A successful exploit can give an attacker full control of the affected server.

Security researchers reportedly identified roughly 1.5 million internet-exposed cPanel instances, giving a sense of how widely this software is used. Exploitation was reportedly already underway before patches became available, with one hosting provider stating it had seen execution attempts as early as 23 February 2026.

What has happened so far?

According to The Register, the consequences are already visible. Hosting provider Namecheap reportedly blocked access to cPanel and WHM temporarily while fixes were prepared. Another provider, KnownHost, urged its customers to restrict access and to assume their systems could already be compromised if left unpatched.

On a more personal level, The Register reports that a small business owner described being hit with a ransomware demand of $7,000 after running a standard cPanel setup. The Register notes this account is anecdotal, but it illustrates the kind of real-world harm this vulnerability can cause.

What should you do?

If your website is hosted on a server that uses cPanel or WHM, the most important step is to contact your hosting provider and ask whether your environment has been patched and whether there are any signs of compromise. Do not assume your provider has already handled it. If you manage your own hosting, apply available updates immediately and follow the guidance from your provider to restrict access.

You can also review our security checklist for small businesses and check whether any vulnerable plugins may be adding further risk to your site.

What does this mean for your website?

If your website runs on shared or managed hosting that uses cPanel, your server could be among those affected, and you may not have direct control over when patches are applied. This is a good moment to ask your hosting provider for a clear update on the status of your account and whether any unusual activity has been detected. Keeping a record of that conversation is also sensible, particularly if you store any customer data on your site.
