Hackers are exploiting a critical flaw in cPanel and WebHost Manager that can allow full server access without logging in.
Tracked as CVE-2026-41940, the issue lets attackers bypass authentication and reach admin panels. Canada’s Cyber Centre has warned that exploitation is “highly probable” and requires immediate action.
Because cPanel is widely used by hosting providers, attackers could gain control of websites, databases, and email accounts, potentially impacting multiple businesses on shared servers.
Patches have been released, but reports suggest that exploitation attempts began as early as February, before public disclosure.
To reduce risk, businesses should ensure systems are patched, check with hosting providers, review logs for unusual activity, and restrict access to admin interfaces.
It is costly for us to have our systems down and really appreciate the speed that your team respond to any issue we have. I don’t believe we have had any problems which you have not been resolved.
- Warren Patmore -