{"id":237875,"date":"2026-05-01T09:10:00","date_gmt":"2026-05-01T13:10:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/01\/critical-cpanel-exploited-millions-of-sites-could-be-hit-the-register\/"},"modified":"2026-05-01T10:40:13","modified_gmt":"2026-05-01T14:40:13","slug":"critical-cpanel-exploited-millions-of-sites-could-be-hit-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/01\/critical-cpanel-exploited-millions-of-sites-could-be-hit-the-register\/","title":{"rendered":"Critical cPanel exploited: &#8216;Millions&#8217; of sites could be hit \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/05\/01\/critical_cpanel_vuln_hits_cisa\/?tdu003dkeepreading\">Critical cPanel exploited: &#8216;Millions&#8217; of sites could be hit \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/05\/01\/critical_cpanel_vuln_hits_cisa\/?tdu003dkeepreading\">https:\/\/www.theregister.com\/2026\/05\/01\/critical_cpanel_vuln_hits_cisa\/?tdu003dkeepreading<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-01 09:10:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>CISA has added a critical cPanel bug to its known-exploited list, confirming that attackers are already poking holes in one of the internet&#8217;s most widely used hosting stacks.<\/p>\n<p>The vulnerability, tracked as CVE-2026-41940, carries a near-worst-case CVSS score of 9.8 and affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, along with WP Squared, a WordPress management layer built on top of the same platform.<\/p>\n<p>In plain terms, a successful exploit can hand over full control of the server.<\/p>\n<p>The US government&#8217;s cybersecurity agency added the flaw to its Known Exploited Vulnerabilities catalog on Thursday, confirming attackers are not waiting 
around. By the time cPanel shipped a patch on Tuesday, exploitation was already underway.<\/p>\n<p>Hosting provider KnownHost has been more explicit about what that looked like in practice, warning customers it had seen successful exploitation attempts before any fix was available. In a Reddit post, the company&#8217;s CEO, Daniel Pearson, said the provider had &#8220;seen execution attempts as early as 2\/23\/2026&#8221; and urged users to restrict access and assume systems could already be compromised if left unpatched.<\/p>\n<p>Another hosting provider, Namecheap, says it temporarily blocked access to cPanel and WHM, effectively slamming the door shut until fixes were ready. It has since begun rolling out updates.<\/p>\n<p>There are also early signs of what those attackers are up to once they get in. A small business owner posting on Reddit said their company had been hit by ransomware after running what they described as a fairly standard cPanel setup, adding that their hosting provider appeared to be struggling under the weight of the incident. 
The attackers, they said, demanded $7,000 to unlock systems.<\/p>\n<p>The claim is anecdotal, but if it holds up, it suggests this bug is already&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/05\/01\/critical_cpanel_vuln_hits_cisa\/?tdu003dkeepreading\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical cPanel exploited: &#8216;Millions&#8217; of sites could be hit \u2022 The Register https:\/\/www.theregister.com\/2026\/05\/01\/critical_cpanel_vuln_hits_cisa\/?tdu003dkeepreading Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237876,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2017\/05\/04\/bouncer.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-237875","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237875"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237875"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237875\/revisions"}],"predecessor-version":[{"id":237877,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237875\/revisions\/237877"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237876"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-js
on\/wp\/v2\/media?parent=237875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}