← All stories

The Hacker News

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

[email protected] (The Hacker News) · 2026-04-29 · Read original ↗

ATT&CK techniques detected

5 predictions

T1190Exploit Public-Facing Application

100%

"and carries a cvss score of 9. 8 out of 10. 0. in an update to its advisory, cpanel said patches have also been pushed to wp squared version 136. 1. 7. " cpanel and whm versions after 11. 40 contain an authentication bypass vulnerability in the login flow that allows unauthentica…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1190Exploit Public-Facing Application

97%

"vulnerability, web hosting and domain registration company namecheap disclosed that it " relates to an authentication login exploit that could allow unauthorized access to the control panel. " as a precautionary measure, the company has applied a firewall rule to block access to …"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1190Exploit Public-Facing Application

95%

"over 2 million cpanel instances connected to the internet, although it ' s currently not known how many of those have auto - update enabled and are vulnerable to the flaw. watchtowr labs, which published additional technical specifics about the flaw, said inconsistencies in cpane…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1190Exploit Public-Facing Application

79%

"indicate that the vulnerability has been under active exploitation as a zero - day, with knownhost ceo daniel pearson noting that " this has absolutely been used in the wild, and has been seen at least for the last 30 days if not longer. " the hacker news has reached out to cpane…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1078.001Default Accounts

69%

"indicate that the vulnerability has been under active exploitation as a zero - day, with knownhost ceo daniel pearson noting that " this has absolutely been used in the wild, and has been seen at least for the last 30 days if not longer. " the hacker news has reached out to cpane…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions of cPanel and WebHost Manager (WHM), according to an alert published by WebPros on Tuesday. It does not have an official identifier. The issue has been addressed in