CuraSec

tag: Critical-Cve · 1 items

  • Engineer — Act: cPanel/WHM is widely deployed by hosting providers and MSPs; CISA KEV listing plus EPSS 0.98 and public PoC confirm active exploitation risk. Patch to the vendor-released fixed version immediately and audit for signs of unauthorized access in cPanel/WHM logs.
  • SOC/IR — Act: With a public PoC and KEV listing, opportunistic exploitation is underway — sweep for anomalous cPanel/WHM authentication events and unexpected admin account creation since the PoC publication date, and tune detections for unauthenticated access patterns on WHM ports.
  • Leader — Plan: If your organization or any managed-hosting vendor uses cPanel/WHM, confirm patching status and request attestation this week; the KEV listing signals broad exploitation, but direct board escalation is warranted only if you host customer data on affected systems.
  • Signals: CVE-2026-41940 — CISA KEV: listed, EPSS 0.98, public PoC on GitHub