There must be so many (small) shared hosting companies that don&#x27;t update their software, those poor customers.

With this (CVE-2026-41940) and copy.fail (CVE-2026-3143), it must be an exciting time in the shared hosting business right now… Glad I&#x27;ve been out of it for a long time.

Which are the safest control panels^ ? Been thinking about Hostineer which developed and dogfooded ApisCP over 20 years.[^] a product made for commercial operators stuffing thousands of PHP sites into a server, so no Coolify, Google Cloud Run.

Thanks for sharing, this is a great read!

A full breakdown of the vulnerability: <a href="https:&#x2F;&#x2F;labs.watchtowr.com&#x2F;the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940&#x2F;" rel="nofollow">https:&#x2F;&#x2F;labs.watchtowr.com&#x2F;the-internet-is-falling-down-fall...</a>

Plesk is a separate team owned by the same parent company.

Luckily my site uses Plesk after moving away from cPanel years ago.I have to wonder if this issue is due to never reviewing auto-test scripts ?I know where I worked, testing is now an afterthought and half the time testing means no issues compiling and deploying :)We had a separate testing group and they caught lots of issues. But due to Agile, they were all fired years ago.

Hackers are actively exploiting a bug in cPanel and WHM

Comments

sikozu

dspillett

aitchnyu

ChrisArchitect

sikozu

jmclnx

cestith