cPanel vulnerability exploit has caused a significant security crisis among web servers worldwide. Hackers are currently attacking thousands of websites because of unpatched cPanel installations.

Consequently, about 550,000 potential targets remain exposed to the cPanel vulnerability exploit according to recent statistics. Researchers have observed hackers successfully compromising around 2,000 cPanel instances, although this number used to be much higher.

cPanel vulnerability exploit

On Thursday, experts confirmed that cybercriminals began exploiting the bug to seize full control over vulnerable servers. Therefore, attackers used the cPanel vulnerability exploit to hijack control panels, putting sensitive website data at risk.

Furthermore, signs of ransomware activity have been found on several compromised sites. Some pages showed hacker messages claiming file encryption, but others have since been restored.

Additionally, the ransom notes displayed a chat ID for victim communication with the hackers. The criminal group did not respond to media requests, including those from TechCrunch as the original source.

U.S. authorities, including CISA, have acknowledged the active exploit, tracked as CVE-2026-41940. CISA added this cPanel vulnerability exploit to its list of top threats and demanded urgent patching from agencies.

However, evidence suggests attacks related to the cPanel vulnerability exploit started even before the public warning. Some companies noticed suspicious activities dating back to late February.

An official response from the cPanel company is still pending, even after media inquiries. The community continues monitoring the cPanel vulnerability exploit for further developments.

Tags: cPanel vulnerability exploit, cPanel security flaw, cPanel bug mass exploitation, website hijack vulnerability, cPanel ransomware attack, CVE-2026-41940, web server security risk, control panel hacking