Key points
- CISA directed agencies to patch CVE-2026-41940 by May 3.
- The vulnerability affects cPanel & WHM and scores 9.8 on the CVSS scale.
- Exploitation can grant attackers control over the cPanel host, configurations, databases, and hosted websites.
- Evidence indicates active exploitation since February, and thousands of internet-exposed cPanel instances may be vulnerable.
- Vendors and hosting providers released fixes, detection tools, and emergency mitigations that have sometimes limited customer access.
Read More: https://therecord.media/cisa-orders-federal-agencies-to-patch-cpanel-bug