Critical cPanel and WHM Authentication Bypass Patched in Emergency Update

A critical vulnerability affecting all but the latest versions of cPanel and WebHost Manager allows unauthenticated attackers to gain access to the control panel. Tracked as CVE-2026-41940 with a severity score of 9.8, the flaw has been addressed through an emergency update requiring manual command execution to retrieve patched software. The Linux-based hosting control panels are among the most widely deployed platforms, popular for their standardized interfaces and integration with common hosting stacks.

No technical details have been publicly disclosed, but hosting provider Namecheap temporarily blocked access to ports 2083 and 2087 to protect customers until patches became available. The vulnerability relates to an authentication login exploit that could enable unauthorized control panel access. Patched versions include 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, and 11.134.0.20.

Administrators must run the command /scripts/upcp --force to install safe versions, as the update process may not automatically apply the patch. Servers running unsupported cPanel versions remain ineligible for security updates and should be upgraded immediately. Compromised cPanel access allows attackers to control hosting accounts, plant backdoors, steal sensitive files, and send spam or phishing emails. WHM access provides server-wide control including creating or deleting accounts and establishing persistent access for malicious activities such as botnet operations or malware delivery. Website owners using affected interfaces should verify they have updated to patched versions promptly.
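To confirm the update took effect, the installed version can be compared against the patched build for its release branch. The script below is an added example, not code from cPanel or from the original article; the function name check_cpanel_version and the version file path /usr/local/cpanel/version are assumptions.

```shell
#!/bin/sh
# Patched builds per release branch, copied from the article above.
PATCHED_BUILDS="11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.134.0.20 11.136.0.5"

# check_cpanel_version VERSION  (hypothetical helper)
# Prints one of: patched, vulnerable, unlisted, invalid.
check_cpanel_version() {
    # Accept only digits and single dots, so word splitting below is safe.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split MAJOR.BRANCH.MINOR.BUILD into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 0; }
    for fixed in $PATCHED_BUILDS; do
        # Only compare against the fixed build of the same release branch.
        case $fixed in
            "$1.$2".*) ;;
            *) continue ;;
        esac
        rest=${fixed#"$1.$2".}      # e.g. "0.97"
        fixed_minor=${rest%%.*}
        fixed_build=${rest#*.}
        if [ "$3" -gt "$fixed_minor" ] ||
           { [ "$3" -eq "$fixed_minor" ] && [ "$4" -ge "$fixed_build" ]; }; then
            echo patched
        else
            echo vulnerable
        fi
        return 0
    done
    # Branch not in the article's list: it may be unsupported, so verify by hand.
    echo unlisted
}

# Assumption: the installed version string is stored in this file.
VERSION_FILE=/usr/local/cpanel/version
if [ -r "$VERSION_FILE" ]; then
    installed=$(cat "$VERSION_FILE")
    echo "cPanel $installed: $(check_cpanel_version "$installed")"
fi
```

A result of "unlisted" means the branch has no patched build named in the article, not that the server is safe.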
