computer-science
CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers
Key takeaways
- If you run a server with c Panel or WHM, you need to read this carefully.
- On May 8, 2026 — just ten days after the c Panel CVE-2026-41940 authentication bypass was used to compromise 44,000 web hosting servers and deploy ransomware — c Panel quietly released a second emergency security patch.
- That puts them firmly in the High severity tier, one step below Critical.
If you run a server with c Panel or WHM, you need to read this carefully.
On May 8, 2026 — just ten days after the c Panel CVE-2026-41940 authentication bypass was used to compromise 44,000 web hosting servers and deploy ransomware — c Panel quietly released a second emergency security patch. This one covers three new vulnerabilities: CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
Two of the three carry a CVSS score of 8.8. That puts them firmly in the High severity tier, one step below Critical.
Article preview — originally published by Hacker News. Full story at the source.
Read full story on Hacker News →
More top stories
Aggregated and edited by the Scoop newsroom. We surface news from Hacker News alongside other reporting so you can compare coverage in one place.
Editorial policy · Corrections · About Scoop