April 30, 2026
Panel van-ic
Hackers are actively exploiting a bug in cPanel and WHM
Website owners are panicking as commenters roast lazy hosts and flee to rivals
TLDR: A serious flaw in popular website-management software is already being used by attackers, and hosting companies are rushing to lock things down. In the comments, people are roasting smaller hosts for sloppy updates, blaming weak testing, and smugly celebrating that they switched away years ago.
The internet’s landlords are having a very bad week. A newly discovered flaw in cPanel and WHM — the dashboard software many hosting companies use to run websites, email, and settings — is being actively abused, and the reaction online is a mix of panic, finger-pointing, and a little bit of smug victory-lapping. Security agencies are warning that attackers may be able to skip the login screen entirely and grab control of servers, which is about as comforting as hearing your apartment building’s master key is circulating on the dark web.
The loudest community take? Small hosting companies are in trouble. One commenter grimly summed it up: there are probably loads of bargain hosts that never update anything, and “those poor customers” are now stuck hoping their provider remembered basic maintenance. Others sounded almost relieved to be out of the shared-hosting game entirely, joking that with this bug plus another recent mess, it must be “an exciting time” in the industry — the kind of “exciting” no one actually wants.
Then came the workplace-drama angle. One commenter blamed modern software culture, snarking that testing now apparently means “it compiled, ship it,” and mourning the old days when dedicated testers caught disasters before customers did. And yes, there was some classic rival-software gloating: one user cheerfully noted they ditched cPanel years ago for Plesk, basically posting the hosting equivalent of “told you so.” The mood is clear: patch now, ask existential questions later.
Key Points
- The article reports active exploitation of CVE-2026-41940, a vulnerability in cPanel and WHM that allows remote login bypass and full admin access.
- The flaw affects all supported versions of the software, and cPanel urged customers to ensure their systems are patched.
- Because cPanel and WHM are widely used in web hosting and have deep server access, unpatched systems could expose many websites to compromise.
- Canada’s national cybersecurity agency warned that exploitation is highly probable, especially on shared hosting servers, and called for immediate action.
- Namecheap, HostGator, and KnownHost all reported mitigation or patching steps, while KnownHost said it observed exploit attempts dating back to February 23.