Security researchers have issued urgent warnings regarding a critical vulnerability in cPanel and WebHost Manager (WHM), widely used software suites for managing web servers, email, and databases. Officially tracked as CVE-2026-41940, this flaw enables attackers to bypass the login screen remotely and gain full administrative control over affected servers. Given that these tools manage tens of millions of websites globally, the potential for widespread compromise is significant. The vulnerability grants malicious actors deep access to server configurations and data. Canada's national cybersecurity agency has classified exploitation as highly probable, urging immediate action from both software customers and web hosting providers. Although many commercial hosting companies have already deployed patches, cPanel has emphasized that the flaw affects all supported versions of the software, requiring users to verify their own system updates. Major industry players have responded swiftly to contain the threat. Namecheap blocked access to customer cPanel interfaces immediately upon learning of the flaw to prevent exploitation while they applied patches. Similarly, Hostgator confirmed its systems have been secured, labeling the incident a critical authentication-bypass exploit. Other providers, such as KnownHost, also temporarily restricted access to their networks to apply security fixes. Evidence suggests the vulnerability may have been under active exploitation for months before the issue was publicly disclosed. Daniel Pearson, CEO of KnownHost, reported that his company observed unauthorized access attempts as early as February 23. While Pearson noted that thousands of servers were scanned, only around 30 showed signs of intrusion attempts, though no active compromises were confirmed at that time. This indicates that hackers were actively probing for the weakness prior to the security alert. In addition to addressing the main cPanel issue, the software maker released a security fix for WP Squared, a complementary tool used for managing WordPress websites. Experts warn that shared hosting environments are particularly at risk, as a compromise on a single server could potentially expose multiple customer sites. The situation underscores the critical nature of timely patching in the web hosting industry. While the immediate response from hosting giants has helped mitigate immediate risks, the ongoing threat landscape requires continued vigilance from administrators to ensure their systems remain secure against similar exploits.