A critical authentication bypass vulnerability in cPanel & WHM (CVE-2026-41940, CVSS 9.8) allows attackers to gain administrative control of the host system without credentials. Affected versions include cPanel 11.40 through 86.0.40, 88.0.0 through 110.0.96, 112.0.0 through 118.0.62, 120.0.0 through 124.0.34, and 126.0.1 through 126.0.53. The vulnerability is actively exploited by a stealthy threat actor, and administrators must upgrade to specific fixed versions, such as 86.0.41, 110.0.97, 118.0.63, 124.0.35, 126.0.54, or later releases as listed in the NVD data.
Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows an attacker to log into a cPanel server without a username or password, effectively handing them administrator control over the cPanel host system, its configurations and databases, and the websites it manages. The attack campaign … More → The post Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) appeared first on Help Net Security .