Emergency patches out now for those managing the millions of domains assumed to be affected

Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it.

Given that cPanel and WebHost Manager (WHM) control panel help manage properties for  70 million domains, by some estimates, and the critical severity of CVE-2026-41940 (9.8), the vulnerability is being considered a disaster by those in the security scene.

It also affects every single supported version of the software prior to the patch.

For the uninitiated, cPanel and WHM are both Linux-based control panels. The former is used to manage websites, databases, file transfers, email configurations, and domains, while WHM is used for servers.

They are both backbones of the internet. Breaking into them would provide an attacker with unfettered access to all the secrets associated with these functions.

Or, as watchTowr put it: "Think of it as the keys to the ...