Home / Technology / Critical cPanel Flaw Grants Hackers Root Access
Critical cPanel Flaw Grants Hackers Root Access
30 Apr
Summary
- A critical vulnerability allows attackers to bypass authentication.
- Attackers can gain full root administrator privileges on affected servers.
- A patch has been released and administrators must update immediately.
A critical vulnerability impacting cPanel and Web Host Manager (WHM) has been disclosed, enabling remote attackers to achieve authentication bypass and gain complete administrative control over servers. This critical security flaw, identified as CVE-2026-41940, carries a severity score of 9.8 and has already been exploited in real-world attacks, according to KnownHost.
Researchers pinpointed that the exploit involves attackers forging authenticated sessions by injecting new lines of code into the cPanel Logbook using CRLF. This technique circumvents session file encryption, granting the attacker root-level access to WHM and subsequently, all hosted websites, databases, and user accounts.
A patch addressing this vulnerability has been issued, incorporating a new sanitization function to prevent malicious code injection. cPanel recommends immediate updates to specific patched versions across various release lines, including cPanel & WHM 110.0.x through 136.0.x, to mitigate the risk of data theft, malware deployment, or complete server deletion.
