CPanel and WHM Authentication Bypass – CVE-2026-41940
zikani_03
79 points
20 comments
April 30, 2026
Discussion Highlights (9 comments)
0xbadcafebee
Y'know what would help protect those internet buildings from falling on people? A software building code.
debo_
I wonder how much of the web still runs on perl. I miss it sometimes.
superasn
Every time I read one of these it always boils down to the same thing... Don't solve solved problems. And the best code in this case is code you didn't write as PHP's session handler is battle-tested but every line you write to roll your own is a line you have to secure, maintain, and eventually patch at 2am when someone finds the bug. Session handling, auth, crypto, password hashing etc - all these are the exact areas where you should be the most allergic to rolling your own. Not because you're not smart enough, but because a simple bug like sanitizing in the wrong place and the failure is catastrophic like in this instance. Use boring, proven, widely-audited solutions. Save your creativity for the actual problem you're solving.
yabones
Oooooh that's really bad. WordPress on cPanel sites is like the Dark Matter of the internet, it's everywhere and you don't see it until something bad happens. Libations for the sysadmins patching & cleaning up this mess.
Loudergood
That's gonna pair really well with this. https://copy.fail
ChrisArchitect
Earlier: https://news.ycombinator.com/item?id=47967974
ls612
Something that is starting to concern me with the flood of cyber chaos in the past couple of months is my homelab. Currently I do not have it set up to be accessible outside the local network and then add it and all my other devices to my tailnet to facilitate remote access (via an exit node on my local network). On top of that TrueNAS doesn't seem to have the best update cadence so I'm worried about having a system with known vulnerabilities only protected by not being accessible remotely in theory.
whalesalad
> this vulnerability affects - and we cannot stress this enough - all currently supported versions of cPanel & WHM
yikes. https://www.shodan.io/search?query=basic+realm%3D%22cPanel%2...
amluto
I like how the vulnerability is in the path that (a) attempts to write the password in reversibly encrypted form to disk [0] and (b) has a weird fallback path that writes it in clear text. Sigh.
[0] cPanel seems to be from 1996. We’ve known this is a mistake since before 1996.