VulnHub

Real-time Cybersecurity News

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

Help Net Security
Actively Exploited
CVEZero-dayExploitVulnerabilityPatchCritical

Overview

A serious vulnerability (CVE-2026-41940) affecting cPanel, a widely used web hosting control panel, has been exploited by attackers for several months before a patch was released. This authentication bypass flaw has been in active use since at least February 23, 2026, with indications that it may have been abused even earlier. The vulnerability primarily impacts users of cPanel, which is often provided by shared hosting services. The delay in addressing this issue raises concerns about the security of web hosting environments and the potential for unauthorized access to sensitive data. Companies using cPanel are urged to apply the latest security updates as soon as possible to mitigate risks associated with this exploit.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: cPanel, web hosting accounts managed via cPanel, shared hosting environments
  • Action Required: Users should apply the latest cPanel security updates immediately.
  • Timeline: Ongoing since February 23, 2026

Original Article Summary

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical details about the vulnerability – they have been spotted exploiting CVE-2026-41940 since February 23, and have likely been abusing it even earlier. About CVE-2026-41940 CPanel, typically provided by shared hosting companies, is one of the … More → The post cPanel zero-day exploited for months before patch release (CVE-2026-41940) appeared first on Help Net Security.

Impact

cPanel, web hosting accounts managed via cPanel, shared hosting environments

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since February 23, 2026

Remediation

Users should apply the latest cPanel security updates immediately. Specific patch numbers or versions were not mentioned in the article, but keeping cPanel up to date is crucial.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Zero-day, Exploit, and 3 more.

Read Original Article

Related Coverage

CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack

Infosecurity Magazine

CISA has launched the CI Fortify initiative, urging critical infrastructure operators to develop plans to stay operational in the event of a cyber-attack. This initiative is designed to help these operators create systems for isolating affected areas and recovering from attacks quickly. The focus is on ensuring that essential services, such as power, water, and transportation, remain functional even when targeted by cyber threats. The call to action comes as cyber threats continue to evolve, making it crucial for these operators to have effective response strategies in place. CISA emphasizes that preparation can significantly mitigate the impact of potential attacks on public safety and national security.

May 6, 2026

After the identity fix: MCP's confused deputy problem

SCM feed for Latest

The article discusses a potential issue with AI agents acting as 'confused deputies,' which means they may perform unintended actions based on users' requests. This can lead to security vulnerabilities where the AI might execute commands that the user did not intend, potentially exposing sensitive data or causing other negative consequences. The implications of this problem are significant, as it raises concerns about the reliability and safety of AI systems in various applications. Users and developers need to be aware of these risks to ensure that AI implementations are secure and do not inadvertently compromise user intentions. As AI technology becomes more prevalent, addressing these issues will be crucial for maintaining trust and safety in digital environments.

May 6, 2026

Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE

Security Affairs

Apache has released updates to address multiple vulnerabilities in its HTTP Server, including a serious flaw identified as CVE-2026-23918. This vulnerability, which has a CVSS score of 8.8, is a double-free error in the handling of HTTP/2 requests. If exploited, it could allow attackers to execute arbitrary code on affected systems. Organizations using Apache HTTP Server, particularly those enabling HTTP/2, should prioritize updating their software to mitigate this risk. The nature of the flaw makes it critical for system administrators to be proactive in applying the latest patches to safeguard against potential attacks.

May 6, 2026

CISA: Critical Infrastructure Must Master Isolation, Recovery

SecurityWeek

The Cybersecurity and Infrastructure Security Agency (CISA) has released guidance aimed at helping operators of critical infrastructure bolster their defenses against potential cyberattacks from foreign adversaries. This guidance stresses the importance of mastering isolation and recovery strategies to mitigate damage from attacks. Given the rising number of cyber threats targeting vital systems, this advice is particularly relevant for sectors like energy, transportation, and public health. By implementing these practices, organizations can better prepare for incidents, ensuring that they can maintain operations and recover swiftly after an attack. This proactive approach is essential for safeguarding national security and economic stability.

May 6, 2026

Proton Mail brings quantum-safe email encryption to all accounts

Help Net Security

Proton Mail has rolled out an optional feature called post-quantum protection for all users, including those on the free plan. This new capability generates encryption keys that aim to secure future emails from potential quantum computer attacks. To use this feature, users must update their Proton Mail apps, as older versions do not support the new encryption keys. This move is significant because it prepares users' email communications for a future where quantum computing could compromise traditional encryption methods. By enabling post-quantum protection, users can enhance the security of their encrypted emails against evolving threats.

May 6, 2026

Sophisticated Quasar Linux RAT Targets Software Developers

SecurityWeek

A new remote access trojan (RAT) known as Quasar is targeting software developers, allowing attackers to gain unauthorized access to systems. This malware is particularly concerning because it can perform surveillance and exfiltrate credentials, putting sensitive information at risk. Developers who work with Linux systems are especially vulnerable to this sophisticated implant. The presence of such malware in the wild raises alarms about the security of development environments and the potential for broader attacks on software supply chains. Users and companies should take immediate steps to secure their systems against this threat, as the implications could affect many in the tech industry.

May 6, 2026