{"id":239064,"date":"2026-05-04T15:13:00","date_gmt":"2026-05-04T19:13:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/04\/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940\/"},"modified":"2026-05-04T16:25:12","modified_gmt":"2026-05-04T20:25:12","slug":"hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/04\/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940\/","title":{"rendered":"Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940"},"content":{"rendered":"

Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940<\/a><\/p>\n

https:\/\/securityaffairs.com\/191666\/breaking-news\/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html<\/a><\/p>\n

Publish Date: 2026-05-04 15:13:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ May 04, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

A<\/strong>ttackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada.<\/h2>\n

A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in Southeast Asia, along with MSPs and hosting providers in countries like the Philippines, Laos, Canada, South Africa, and the U.S. The attacks highlight the rapid weaponization of newly disclosed flaws.<\/p>\n

cPanel\u00a0is a widely used web hosting control panel that lets users manage websites and servers through a graphical interface instead of command-line tools.<\/p>\n

CVE-2026-41940 is an authentication bypass flaw<\/strong> affecting cPanel and WHM versions after 11.40. A weakness in the login flow allows remote attackers to skip or manipulate authentication checks, granting access to the control panel without valid credentials. This could let attackers manage hosting settings, access sensitive data, or take control of the server.<\/p>\n

Cybersecurity experts at watchTowr first\u00a0disclosed\u00a0the flaw last week and released a tool to help defenders identify vulnerable hosts in their estates.<\/p>\n

\u201cAs we stated above, in-the-wild exploitation has already begun, according to KnownHost.\u201d reads the\u00a0advisory\u00a0by watchTowr. \u201cTherefore, we\u2019re releasing our\u00a0Detection Artifact Generator\u00a0to enable defenders to identify vulnerable hosts in their estates.\u201d<\/p>\n

According to the Shadowserver Foundation, thousands of instances may be exposed.<\/p>\n

On May 2, 2026, researchers at Ctrl-Alt-Intel detected attacks exploiting CVE-2026-41940. The activity, linked to the IP address 95.111.250[.]175, targeted government and military domains in the Philippines and Laos, along with MSPs and hosting providers, using public PoCs…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 https:\/\/securityaffairs.com\/191666\/breaking-news\/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html Publish Date: 2026-05-04 15:13:00…<\/p>\n","protected":false},"author":1,"featured_media":239065,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-8.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,34,27],"class_list":["post-239064","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239064"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=239064"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239064\/revisions"}],"predecessor-version":[{"id":239066,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239064\/revisions\/239066"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/239065"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=239064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=239064"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=239064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}