{"id":9610,"date":"2026-04-30T23:45:52","date_gmt":"2026-05-01T03:45:52","guid":{"rendered":"https:\/\/hostingdiscussion.com\/news\/?p=9610"},"modified":"2026-04-30T23:33:56","modified_gmt":"2026-05-01T03:33:56","slug":"hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk","status":"publish","type":"post","link":"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/","title":{"rendered":"Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk"},"content":{"rendered":"<p class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\">A critical security vulnerability in <a href=\"https:\/\/www.cpanel.net\/products\/cpanel-whm-features\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">cPanel and WebHost Manager<\/a> is drawing urgent attention across the web hosting industry, and the timeline makes it considerably more alarming than a typical software disclosure. While the flaw only recently became public knowledge, <a href=\"https:\/\/www.knownhost.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">KnownHost<\/a> CEO Daniel Pearson confirmed that his company found exploitation attempts stretching back to February 23, meaning hackers had months of quiet activity before anyone raised the alarm publicly.<\/p>\n<p class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\">The vulnerability, tracked as CVE-2026-41940, lets malicious hackers remotely bypass the login screen for cPanel and WHM&#8217;s administration panel entirely, gaining unrestricted access to the server management software without needing valid credentials.<\/p>\n<p class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\">Given that cPanel and WHM handle website files, email configurations, databases, and domain settings for tens of millions of website owners globally, the potential exposure runs well beyond individual servers. Shared hosting environments carry particular risk, since a single compromised server can affect large numbers of customers simultaneously.<\/p>\n<p class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\">Canada&#8217;s national cybersecurity agency described exploitation as highly probable and called for immediate action from anyone running cPanel, either directly or through their web hosting provider. Several major hosting companies moved quickly once the flaw surfaced. <a href=\"https:\/\/hostingdiscussion.com\/news\/namecheap-valued-at-1-5-billion-as-cvc-moves-toward-majority-stake\/\">Namecheap<\/a> temporarily blocked customer access to cPanel panels to prevent exploitation while deploying patches across its infrastructure. <a href=\"https:\/\/www.hostgator.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">HostGator<\/a> classified the issue as a critical authentication-bypass exploit and confirmed its teams patched all systems promptly. KnownHost identified around 30 servers showing signs of unauthorized access attempts out of thousands on its network, though Pearson noted these appeared to be attempts rather than confirmed compromises.<\/p>\n<p class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\"><a href=\"https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">cPanel<\/a> released patches covering all supported versions of the software and urged customers to confirm their systems carry the update. The company also pushed a security fix for WP Squared, a related tool for managing WordPress websites that shares similar underlying architecture.<\/p>\n<p class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\">The months-long gap between the earliest known exploitation attempts and public disclosure is the detail that should concern hosting providers and their customers most. Attackers who knew about an unpatched authentication bypass in one of the web&#8217;s most widely deployed management platforms had significant time to probe, test, and potentially access servers before defenders could respond.<\/p>\n<p class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\">Security researchers note that this kind of quiet pre-disclosure exploitation period often results in compromises that organizations only discover weeks or months later during unrelated investigations. For anyone running cPanel who has not yet confirmed their patch status, that window makes urgency the only appropriate response right now.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical security vulnerability in cPanel and WebHost Manager is drawing urgent attention across the web hosting industry, and the timeline makes it considerably more alarming than a typical software disclosure. While the flaw only recently became public knowledge, KnownHost CEO Daniel Pearson confirmed that his company found exploitation attempts stretching back to February 23, [&hellip;]<\/p>\n","protected":false},"author":20624,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[6543,6541,6542,4401,6544,4044],"class_list":["post-9610","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cpanel-security-patch","tag-cpanel-vulnerability","tag-cve-2026-41940","tag-web-hosting-security","tag-whm-authentication-bypass-exploit","tag-zero-day-exploit"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk - Web Hosting News<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk - Web Hosting News\" \/>\n<meta property=\"og:description\" content=\"A critical security vulnerability in cPanel and WebHost Manager is drawing urgent attention across the web hosting industry, and the timeline makes it considerably more alarming than a typical software disclosure. While the flaw only recently became public knowledge, KnownHost CEO Daniel Pearson confirmed that his company found exploitation attempts stretching back to February 23, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting News\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-01T03:45:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-01T03:33:56+00:00\" \/>\n<meta name=\"author\" content=\"Justine Juyad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Justine Juyad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/\",\"name\":\"Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk - Web Hosting News\",\"isPartOf\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\"},\"datePublished\":\"2026-05-01T03:45:52+00:00\",\"dateModified\":\"2026-05-01T03:33:56+00:00\",\"author\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\"},\"breadcrumb\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hostingdiscussion.com\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/\",\"name\":\"Web Hosting News\",\"description\":\"Cloud and web hosting industry daily news\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\",\"name\":\"Justine Juyad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"caption\":\"Justine Juyad\"},\"description\":\"HostingDiscussion.com senior reporter\",\"sameAs\":[\"https:\/\/hostingdiscussion.com\/news\/\"],\"url\":\"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk - Web Hosting News","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/","og_locale":"en_US","og_type":"article","og_title":"Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk - Web Hosting News","og_description":"A critical security vulnerability in cPanel and WebHost Manager is drawing urgent attention across the web hosting industry, and the timeline makes it considerably more alarming than a typical software disclosure. While the flaw only recently became public knowledge, KnownHost CEO Daniel Pearson confirmed that his company found exploitation attempts stretching back to February 23, [&hellip;]","og_url":"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/","og_site_name":"Web Hosting News","article_published_time":"2026-05-01T03:45:52+00:00","article_modified_time":"2026-05-01T03:33:56+00:00","author":"Justine Juyad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Justine Juyad","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/","url":"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/","name":"Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk - Web Hosting News","isPartOf":{"@id":"https:\/\/hostingdiscussion.com\/news\/#website"},"datePublished":"2026-05-01T03:45:52+00:00","dateModified":"2026-05-01T03:33:56+00:00","author":{"@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3"},"breadcrumb":{"@id":"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostingdiscussion.com\/news\/hackers-have-been-quietly-exploiting-this-cpanel-flaw-since-february-and-millions-of-sites-are-at-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostingdiscussion.com\/news\/"},{"@type":"ListItem","position":2,"name":"Hackers have been quietly exploiting this cPanel flaw since February, and millions of sites are at risk"}]},{"@type":"WebSite","@id":"https:\/\/hostingdiscussion.com\/news\/#website","url":"https:\/\/hostingdiscussion.com\/news\/","name":"Web Hosting News","description":"Cloud and web hosting industry daily news","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3","name":"Justine Juyad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","caption":"Justine Juyad"},"description":"HostingDiscussion.com senior reporter","sameAs":["https:\/\/hostingdiscussion.com\/news\/"],"url":"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/"}]}},"views":9,"_links":{"self":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/9610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/users\/20624"}],"replies":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/comments?post=9610"}],"version-history":[{"count":1,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/9610\/revisions"}],"predecessor-version":[{"id":9611,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/9610\/revisions\/9611"}],"wp:attachment":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/media?parent=9610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/categories?post=9610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/tags?post=9610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}