Ruin Your Friday With Critical cPanel and WHM Bugs
Another Week, Another Nightmare
2026 won’t quit, and is poised to ruin yet another weekend by forcing sysadmins to patch their systems. As we mentioned in the podcast the cPanel and WHM bugs are bad enough that some hosting companies have blocked ports 2083 and 2087 until patches are installed and verified on their customers sites. We are not sure when these exploits were first discovered and leveraged but attacks have been uncovered dating all the way back to February of this year. This news is not going to make anyone who owns one of the roughly 1.5 million cPanel instances that are exposed online.
If you aren’t 110% sure you’ve patched all the things, Bleeping Computer has a link to the Detection Artifact Generator script created by watchTowr that can be used to verify if your cPanel and WHM instances are vulnerable to CVE-2026-41940 or if you are safe … for the moment.
It is unclear when exploitation started, but KnownHost, a hosting provider that uses cPanel, said the day the vulnerability was disclosed that "successful exploits have been seen in the wild" before a fix became available.
More Tech News From Around The Web
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros @ Bleeping Computer
- Ubuntu’s AI Plans Have Linux Users Looking For a ‘Kill Switch’ @ Slashdot
- Microsoft’s patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack @ The Register
- April KB5083769 Windows 11 update causes backup software failures @ Bleeping Computer
- GitHub says sorry and vows to do better as uptime slips and devs complain @ The Register
- Apple Gives Up On the Vision Pro After M5 Refresh Flop @ Slashdot
- Apple may take “several months” to catch up to Mac mini and Studio demand @ Ars Technica
- The weirdness of quantum contextuality is not a bug – it’s a feature @ Physicsworld
- A Tractor From A Small Town Might Just Be The Catalyst For Ousting Machinery DRM @ Hackaday
- Jackery HomePower 2000 Ultra @ FunkyHome
- Network Scanner Finds Every Raspberry Pi @ Hackaday
- GL.iNet GL-RM10 Comet Pro Remote 4K KVM @ ServeTheHome
