Tech »  Topic »  'The Internet is falling down': Critical cPanel CRLF injection vulnerability puts tens of millions of websites at risk of total compromise – hosting providers urged to apply CVE-2026-41940 patch immediately

'The Internet is falling down': Critical cPanel CRLF injection vulnerability puts tens of millions of websites at risk of total compromise – hosting providers urged to apply CVE-2026-41940 patch immediately

19 hours ago   techradar.com
(Image credit: Image: Generated with Google Gemini)
  • New critical severity vulnerability allows for authentication bypass
  • The vulnerability affects cPanel and WebHost Manager
  • Attackers can gain full root administrator privileges over any server

Researchers at watchTowr Labs have dissected a critical authentication bypass in cPanel and Web Host Manager (WHM) that allows remote attackers to gain full admin access over servers upon which much of the internet relies.

The vulnerability, tracked as CVE-2026-41940 and given a near-top severity score of 9.8, has been exploited in the wild, as confirmed by KnownHost.

A patch for the vulnerability has been released and administrators are urged to apply the patch immediately.

Article continues below

Trend Micro warns of worrying security flaw allowing full Windows takeover, so patch now60,000 WordPress sites at risk due to plugin security flawBeyondTrust RCE flaw lets hackers run code without logging in

Administrators urged to update ...


Copyright of this story solely belongs to techradar.com . To see the full text click HERE

More related news