{"id":238592,"date":"2026-05-03T10:43:00","date_gmt":"2026-05-03T14:43:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/03\/u-s-cisa-adds-a-flaw-in-webpros-cpanel-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-05-03T12:05:18","modified_gmt":"2026-05-03T16:05:18","slug":"u-s-cisa-adds-a-flaw-in-webpros-cpanel-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/03\/u-s-cisa-adds-a-flaw-in-webpros-cpanel-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/191613\/hacking\/u-s-cisa-adds-a-flaw-in-webpros-cpanel-to-its-known-exploited-vulnerabilities-catalog.html\">U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191613\/hacking\/u-s-cisa-adds-a-flaw-in-webpros-cpanel-to-its-known-exploited-vulnerabilities-catalog.html\">https:\/\/securityaffairs.com\/191613\/hacking\/u-s-cisa-adds-a-flaw-in-webpros-cpanel-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-03 10:43:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>U.S. 
CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 03, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg?fit=700%2C368&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog<\/h2>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0a flaw in Microsoft Defender, tracked as CVE-2026-41940 (CVSS score of 9.3), to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p>cPanel\u00a0is a widely used web hosting control panel that lets users manage websites and servers through a graphical interface instead of command-line tools.<\/p>\n<p>Cybersecurity experts at watchTowr first disclosed the flaw earlier this week and released a tool to help defenders identify vulnerable hosts in their estates.<\/p>\n<p>\u201cAs we stated above, in-the-wild exploitation has already begun, according to KnownHost,\u201d reads the advisory by watchTowr. \u201cTherefore, we\u2019re releasing our\u00a0Detection Artifact Generator\u00a0to enable defenders to identify vulnerable hosts in their estates.\u201d<\/p>\n<p>CVE-2026-41940 is an authentication bypass flaw affecting cPanel and WHM versions after 11.40. A weakness in the login flow allows remote attackers to skip or manipulate authentication checks, granting access to the control panel without valid credentials. 
This could let attackers manage hosting settings, access sensitive data, or take control of the server.<\/p>\n<p>According to the Shadowserver Foundation, thousands of instances may be exposed. <\/p>\n<p>cPanel and watchTowr released tools to detect compromise and vulnerable hosts. Exploits date back to February. Namecheap warned customers of temporary access limits to mitigate risk.<\/p>\n<p>According to\u00a0Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191613\/hacking\/u-s-cisa-adds-a-flaw-in-webpros-cpanel-to-its-known-exploited-vulnerabilities-catalog.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog https:\/\/securityaffairs.com\/191613\/hacking\/u-s-cisa-adds-a-flaw-in-webpros-cpanel-to-its-known-exploited-vulnerabilities-catalog.html&#8230;<\/p>\n","protected":false},"author":1,"featured_media":238593,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-238592","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238592"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/
\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=238592"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238592\/revisions"}],"predecessor-version":[{"id":238594,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238592\/revisions\/238594"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/238593"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=238592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=238592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=238592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}