VulnerabilitySecurity Week
9.8 — CRITICAL
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access. The post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation appeared first on SecurityWeek.
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Over 40,000 servers have been compromised in an ongoing attack exploiting CVE-2026-41940, a critical zero-day vulnerability in cPanel and WHM versions after 11.40, allowing unauthenticated remote attackers to gain unauthorized access to the control panel.
⚙️Technical Details
CVEs
CVE-2026-41940
Affected Systems
cPanelCpanel WhmCpanel Wp Squared
Attack Vectors
NETWORK
💥Impact Assessment
Severity: CRITICAL
🛡️Recommended Actions
1Apply the latest security patches for cPanel and WHM versions after 11.40 as soon as possible.
2Monitor server logs for suspicious activity and implement additional security measures to prevent unauthorized access.
3Conduct a thorough vulnerability assessment of all cPanel-based systems to identify potential weaknesses.
📦Affected Products
Cpanel CpanelCpanel WhmCpanel Wp SquaredcPanel
🔐NVD Verified DataVERIFIED
CVE-2026-41940 ↗CVSS 9.8 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-306
Affected Products (CPE)
Cpanel CpanelCpanel WhmCpanel Wp Squared
Read the full article
This is a curated summary. The complete article is available at Security Week.