{"id":244321,"date":"2026-05-12T07:43:00","date_gmt":"2026-05-12T11:43:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/12\/attackers-exploit-cpanel-cve-2026-41940-to-deploy-filemanager-backdoor\/"},"modified":"2026-05-12T08:35:11","modified_gmt":"2026-05-12T12:35:11","slug":"attackers-exploit-cpanel-cve-2026-41940-to-deploy-filemanager-backdoor","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/12\/attackers-exploit-cpanel-cve-2026-41940-to-deploy-filemanager-backdoor\/","title":{"rendered":"Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor"},"content":{"rendered":"

Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor<\/a><\/p>\n

https:\/\/securityaffairs.com\/192013\/cyber-crime\/attackers-exploit-cpanel-cve-2026-41940-to-deploy-filemanager-backdoor.html<\/a><\/p>\n

Publish Date: 2026-05-12 07:43:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ May 12, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

Attackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access.<\/h2>\n

Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compromised servers. <\/p>\n

cPanel\u00a0is a widely used web hosting control panel that lets users manage websites and servers through a graphical interface instead of command-line tools.<\/p>\n

Cybersecurity experts at watchTowr first\u00a0disclosed\u00a0the flaw earlier this week and released a tool to help defenders identify vulnerable hosts in their estates.<\/p>\n

\u201cAs we stated above, in-the-wild exploitation has already begun, according to KnownHost.\u201d reads the\u00a0advisory\u00a0by watchTowr. \u201cTherefore, we\u2019re releasing our\u00a0Detection Artifact Generator\u00a0to enable defenders to identify vulnerable hosts in their estates.\u201d<\/p>\n

CVE-2026-41940 is an authentication bypass flaw affecting cPanel and WHM versions after 11.40. A weakness in the login flow allows remote attackers to skip or manipulate authentication checks, granting access to the control panel without valid credentials. This could let attackers manage hosting settings, access sensitive data, or take control of the server.<\/p>\n

According to the Shadowserver Foundation, thousands of instances may be exposed. <\/p>\n

cPanel and watchTowr released tools to detect compromise and vulnerable hosts. Exploits date back to February. Namecheap warned customers of temporary access limits to mitigate risk.<\/p>\n

QiAnXin XLab researchers linked the attacks to a threat actor known as Mr_Rot13.<\/p>\n

Since its public disclosure on April 28, researchers have observed widespread exploitation linked to cryptomining, ransomware, botnets, and backdoor deployments. More than 2,000 malicious IPs worldwide have…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor https:\/\/securityaffairs.com\/192013\/cyber-crime\/attackers-exploit-cpanel-cve-2026-41940-to-deploy-filemanager-backdoor.html Publish Date: 2026-05-12 07:43:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":244322,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/11\/cpanel-vector-logo.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,34,27],"class_list":["post-244321","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244321"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=244321"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244321\/revisions"}],"predecessor-version":[{"id":244323,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244321\/revisions\/244323"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/244322"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=244321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=244321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=244321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}