NEWS Password is no longer needed. A hole found in cPanel opens access to any server

pinkman

What to do if your server control panel becomes public.
A vulnerability that allows logging in without a password has been found in a popular server control panel. The developers have already released updates, and installing them should clearly not be put off. The issue, CVE-2026-41940 (CVSS score: 9.8), in cPanel and WHM affects all versions starting from 11.40, including DNSOnly. The flaw allows an attacker to bypass authentication and access the system without valid credentials.

The company has released fixes for a number of current versions, including 11.110, 11.118, 11.126 and newer branches. An update was also released for WP Squared. For outdated servers on CentOS 6 and CloudLinux 6, a separate build with the fix was prepared. Administrators are advised to urgently update their systems through the built-in update script, then check the version and restart the panel service. If automatic updates are disabled or the server is pinned to a specific version, the update will have to be installed manually.

If you cannot update the system quickly, the developers offer temporary measures. You can block access to the control panel's ports on the firewall or stop the cPanel services completely. The developers also warned that the vulnerability may affect older versions for which there are no fixes yet. In that case, it is better to move to a supported branch as soon as possible.

A separate script was prepared to check for a possible compromise. The script looks for suspicious sessions and traces of injected malicious data. Among the signs of compromise are embedded security tokens, incorrect authorization records and corrupted session files.

If the script finds traces of an attack, administrators are advised to delete all sessions, change user passwords and check the access logs. Additionally, it is worth making sure that the attackers have not gained a foothold in the system through scheduled tasks, SSH keys or hidden programs.
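For the follow-up review of scheduled tasks and SSH keys described above, here is an added example (not part of the original post and not the vendor's check script) that lists `authorized_keys` files and cron entries modified within a recent window. The function name, the 14-day default and the assumption that accounts live under `/home` are illustrative choices.

```shell
#!/bin/sh
# Added example: surface recently changed SSH keys and cron files for review.
# recent_persistence ROOT DAYS
#   ROOT: filesystem root to inspect ("/" for the live host, or a mounted image)
#   DAYS: report files modified within this many days (assumed default: 14)
# Assumption: account home directories are under ROOT/home.
recent_persistence() {
    root="${1:-/}"
    days="${2:-14}"
    root="${root%/}"    # "/" becomes "", so the paths below stay absolute

    # SSH keys: root's and every account's authorized_keys files.
    for home in "$root/root" "$root"/home/*; do
        [ -d "$home/.ssh" ] || continue
        find "$home/.ssh" -type f -name 'authorized_keys*' -mtime "-$days" |
            while IFS= read -r f; do printf 'ssh-key\t%s\n' "$f"; done
    done

    # Scheduled tasks: per-user crontabs and the system cron locations.
    for cron in "$root/var/spool/cron" "$root/etc/crontab" "$root/etc/cron.d" \
                "$root/etc/cron.hourly" "$root/etc/cron.daily"; do
        [ -e "$cron" ] || continue
        find "$cron" -type f -mtime "-$days" |
            while IFS= read -r f; do printf 'cron\t%s\n' "$f"; done
    done
}

# Run only when arguments are given, e.g.:  sh review.sh / 14
if [ "$#" -gt 0 ]; then
    recent_persistence "$@"
fi
```

A file's modification time can be reset by whoever changed it, so an empty result narrows the review but does not replace reading the keys and crontabs themselves.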
 