Critical cPanel Vulnerability Lets Attackers Bypass Login, Gain Root Access

A critical cPanel vulnerability lets attackers bypass login and gain root access, with active exploitation reported before patches were released.

Cybersecurity researchers at watchTowr Labs have reported a critical security vulnerability in cPanel and WHM (Web Host Manager) a software suite used to manage over 70 million websites globally. For your information, WHM is used for server-wide administration and cPanel is for individual website owners, and this vulnerability , tracked as CVE-2026-41940, allows hackers to bypass the suite’s login screens entirely to gain root access.

The risk is unmistakable given that CVE-2026-41940 has a CVSS score of 9.8 and affects all cPanel versions, even EoL (End-of-Life). And, this isn’t a theoretical threat because several hosting providers like KnownHost found this flaw being exploited as 0-day since late February 2026.

That means servers got compromised two months before an urgent patch was released by cPanel developer WebPros International L ...