Thousands of Websites Compromised Through cPanel and WHM Vulnerability Exploit

A serious cybersecurity issue is presently affecting hundreds of websites that use cPanel and WebHost Manager (WHM) software. Security experts have warned that hackers are actively exploiting a significant flaw that allows them to remotely control unprotected servers. The weakness, known as CVE-2026-41940, has raised severe concerns among website owners, hosting providers, and organizations that rely on cPanel-based servers.

According to the Shadowserver Foundation, more than 550,000 servers globally could still be exposed to the attack. According to reports, hackers have already used the issue to penetrate thousands of systems. The attack primarily targets servers running cPanel and WHM, which are popular web hosting management tools. By exploiting the vulnerability, attackers can obtain complete control of servers via the control panel itself.

Security experts observed that some compromised websites featured ransomware warnings from hackers. In several cases, attackers claimed to have encrypted website files and looked for payment from their targets. Some compromised websites were momentarily knocked offline, while others eventually resumed normal operations. The event underscores the increasing risk of ransomware attacks on web hosting infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) has formally stated that the vulnerability is being extensively exploited online. The weakness has been added to the agency's Known Exploited Vulnerabilities (KEV) catalog, and enterprises are being asked to install security upgrades promptly. Government and business entities were recommended to fix vulnerable servers as soon as possible to limit the risk of further attacks.

cPanel and WHM are widely used web hosting control panel platforms that help businesses, websites, online stores, and hosting companies manage their servers and online services. Because these systems control important website operations, they become attractive targets for cybercriminals. If hackers successfully gain access to vulnerable servers, they may take complete control of websites, encrypt files through ransomware attacks, steal sensitive information, redirect users to malicious websites, or even disrupt online services completely. This can lead to financial losses, data breaches, downtime, and serious security risks for both businesses and users.

Cybersecurity experts advise website owners and hosting providers to take urgent action to secure their servers and limit the risk of attack. This includes installing the most recent cPanel and WHM security updates, constantly monitoring servers for suspicious behavior, employing strong passwords with multi-factor authentication, and routinely backing up critical website data. The continuing cPanel and WHM cyberattack emphasizes the increasing necessity of server security and vulnerability control. As hackers continue to attack web hosting platforms, businesses must strengthen their cybersecurity systems and rapidly deploy security patches to safeguard websites, online services, and sensitive user data from large-scale cyber threats.

Information referenced in this article is from Tech Crunch