home.social

#cve_2026_41940 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cve_2026_41940, aggregated by home.social.

  1. ⚠️ If you administer, or know someone who administers, one or more hosting environments with cPanel & WHM, beware: the critical vulnerability CVE-2026-41940 ( vulnerability.circl.lu/vuln/CV ) allows a remote attacker to bypass authentication and obtain administrator access without credentials.
    Exploitation takes place via the exposed HTTPS interfaces, without user interaction, which makes it an immediate risk for servers reachable from the Internet.

    This type of flaw is particularly sought after by cybercriminals and by certain APTs orbiting Russia: takeover of hosting environments, deployment of webshells, domain hijacking, DNS/mail modification, data theft, or pivoting to other systems.

    Fix as a priority: apply the patched versions, restrict access to cPanel/WHM via VPN or IP allowlist, and check the access logs.

    🩹
    👇
    https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

    🔍
    👇
    https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

    ⬇️
    https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass/

    💬
    ⬇️
    infosec.pub/post/45774673

    #CyberVeille #cpanel #CVE_2026_41940

  2. 🚨 [CISA-2026:0430] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

    ⚠️ CVE-2026-41940 (secdb.nttzen.cloud/cve/detail/)
    - Name: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: WebPros
    - Product: cPanel & WHM and WP2 (WordPress Squared)
    - Notes: support.cpanel.net/hc/en-us/ar ; docs.cpanel.net/release-notes/ ; docs.wpsquared.com/changelogs/ ; nvd.nist.gov/vuln/detail/CVE-2;

    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260430 #cisa20260430 #cve_2026_41940 #cve202641940
