Vulnerability | Bleeping Computer
9.8 — CRITICAL
Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
A newly disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
A mass-exploitation campaign is using a critical cPanel flaw (CVE-2026-41940) to breach websites and encrypt data in 'Sorry' ransomware attacks, targeting Linux-based web hosting control panels for server and website management.
⚙️ Technical Details
💥 Impact Assessment
Severity: Critical
🛡️ Recommended Actions
1. Immediately install the available security updates to protect websites from ransomware attacks and data theft.
2. Monitor website activity for suspicious behavior and report any incidents to the relevant authorities.
3. Implement additional security measures, such as two-factor authentication and regular backups, to prevent future breaches.
📦 Affected Products
Cpanel Cpanel, Cpanel Whm, Cpanel Wp Squared
🔐 NVD Verified Data (VERIFIED)
CVE-2026-41940: CVSS 9.8 — CRITICAL
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-306
Affected Products (CPE)
Cpanel Cpanel, Cpanel Whm, Cpanel Wp Squared
This is a curated summary. The complete article is available at Bleeping Computer.
