Security experts have raised concerns about a newly found flaw in cPanel and WebHost Manager (WHM), tools that many websites rely on to manage their servers.
This weakness could allow hackers to break in and take full control of affected servers, putting millions of websites around the world at risk. cPanel and WebHost Manager are tools used to run and manage web servers they handle websites, emails, databases, and key system settings. Because they control so much, anyone who gains access can potentially see or change everything on the server.
A newly identified flaw, tracked as CVE-2026-41940, could let hackers skip the login process entirely and take over the admin panel remotely. Namecheap, which relies on cPanel for customer server management, temporarily shut down access to users’ control panels after learning about the flaw. This was done to stop any possible attacks while they worked on fixing the issue.
HostGator also confirmed it has already applied a fix, describing the issue as a serious login bypass vulnerability.
Meanwhile, another hosting provider reported signs that hackers may have been quietly exploiting this weakness for months before it was publicly discovered.
No Comments