cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

2026-05-11

1 min read

by info@thehackernews.com (The Hacker News)

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

cPanel vulnerability CVE-2026-41940 is under active exploitation to deploy the Filemanager backdoor on compromised systems.

•CVE-2026-41940 is an authentication bypass flaw in cPanel and WHM that allows remote attackers to gain elevated control of the control panel
•Over 2,000 attacker source IPs worldwide are conducting automated attacks across multiple regions, primarily from Germany, the United States, Brazil, and the Netherlands
•Attack chain deploys a Go-based infector that installs SSH public keys for persistent access and PHP web shells for file operations and remote command execution
•JavaScript injection steals login credentials via fake login pages and transmits them to attacker-controlled servers using ROT13 encryption
•

Related Articles