The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. It is ...

CISA added CVE-2026-54420 to KEV, requiring federal agencies to patch LiteSpeed cPanel root escalation by June 18, 2026.

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.

A critical authentication bypass vulnerability in cPanel & WHM, tracked as CVE-2026-41940, has been actively exploited as a zero-day since at least February 2026. The flaw allows unauthenticated ...

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. The ...

New critical severity vulnerability allows for authentication bypass The vulnerability affects cPanel and WebHost Manager Attackers can gain full root administrator privileges over any server ...

Nearly a week after the makers of the popular web server management software cPanel and WebHost Manager (WHM) alerted users of a critical flaw in its software, hackers are now mass-compromising ...

Owned global infrastructure and in-house systems teams allowed InMotion Hosting to block exposure across three data centers and patch the entire fleet during a critical cPanel & WHM zero-day, ...

Attackers can exploit a “critical” security vulnerability in the cPanel and WebHost Manager (WHM) web server administration software to gain unauthorized access. So far, there are no reports of ...