A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM has been actively exploited in the wild, allowing unauthenticated attackers to gain root-level access to hosting control panels. With a public proof-of-concept exploit released, cPanel has issued emergency patches and urged administrators to update immediately to prevent widespread compromise across millions of hosting accounts globally.
https://cybersecuritynews.com/cpanel-0-day-authentication-bypass-vulnerability/

