A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains.
The flaw, tracked as CVE-2026-41940, has been used to deploy backdoors, plant SSH keys, steal credentials, and compromise hosting systems, according to researchers at XLab. The researchers linked some of the activity to a long-running threat group they call Mr_Rot13.
For CISOs, the worry is not just the bug, but where it sits. cPanel and similar tools often operate at the edge of the enterprise, managing websites, portals, and hosted applications. I...