cPanel Security Incident – Live Updates

 
[Update 6 – 02 May 2026 | 12:37 PM]

Recovery progress continues. Approximately 40% of affected servers have been fully restored, and 80% of USA reseller servers are now online. Websites and email are operational on restored servers, except cPanel/webmail, which remains disabled for security reasons.

[Update 5 – 02 May 2026 | 10:30 AM]
Recovery in progress. Approximately 15% of all servers and 30% of reseller hosting servers have been restored, upgraded, and secured. Work continues on remaining systems.

[Update 4 – 02 May 2026 | 08:00 AM]
Server rebuild and patching ongoing. Systems are being OS reloaded and upgraded to fully patched environments before being brought online.

[Update 3 – 01 May 2026 | 11:30 PM]
Initial recovery phase started. Affected systems isolated and security validation process initiated.

[Update 2 – 01 May 2026 | 06:00 PM]
All cPanel servers taken offline as a precaution due to *critical vulnerability (CVE-2026-41940)* actively being exploited globally.

[Update 1 – 01 May 2026 | 03:30 PM]
Security advisory issued. Investigation and containment measures initiated.

Latest Information & Details

Full advisory and updates:

https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services

SkyNet blog article:

https://skynethosting.net/blog/cpanel-hack-cve-2026-41940/

Technical analysis (WatchTowr):

https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940

Community discussion:

https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting

Note:

Updates will be posted here as progress continues.

Update: cPanel Security Incident – Recovery Progress

We would like to provide an important update regarding the ongoing cPanel/WHM security incident (CVE-2026-41940)

Current Progress

As of now:

• Approximately 15% of all affected servers have been fully restored, upgraded, and secured.
• Over 30% of our reseller hosting servers have been successfully recovered and brought back online.
  
  

All restored systems have been:

• Upgraded to patched versions
• Fully rebuilt (OS reload) where required
• Security-hardened before reactivation

Due to the severity of the incident, we are not publishing specific server names publicly as part of our security policy.

 Why Recovery is Taking Time

This vulnerability is classified as critical (CVSS 9.8) and allows attackers to bypass authentication and gain administrative access without credentials.

Security researchers have confirmed:

• Active exploitation in the wild
• Potential for full server compromise including websites, databases, and configurations

Given the scale and risk, each server must go through a complete security validation process before being brought back online.

Our Recovery Approach

We are following a strict, security-first recovery process:

1. Isolation of affected systems
2. Full OS reload and environment rebuild
3. Upgrade to latest patched cPanel versions
4. Security hardening and access restrictions
5. Data validation and service testing
6. Controlled reactivation

This ensures that restored services are stable, secure, and not vulnerable to re-exploitation

 What This Means for Clients

• Services are being restored in phases, not all at once
• Priority is given to system integrity and security over speed
• Some services may take longer due to deeper validation requirements

Further Reading & Transparency

For full details on this incident and technical background, you may refer to:

• https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services
• https://skynethosting.net/blog/cpanel-hack-cve-2026-41940/](https://skynethosting.net/blog/cpanel-hack-cve-2026-41940
• https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940
• https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting

Next Steps

Our teams are continuing to work around the clock to:

• Accelerate recovery across remaining servers
• Monitor for any suspicious activity
• Ensure all restored environments meet strict security standards

Ongoing Updates

We will continue to provide progress updates here:

•  https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services

We sincerely appreciate your continued patience and understanding as we work through this incident with the highest priority on security and service reliability.

SkyNetHosting.Net Inc.

Security & Infrastructure Team

Executive Summary

• A critical global vulnerability (CVE-2026-41940) has been identified in cPanel/WHM and is being actively exploited.
• The issue affects over 1.5 million servers globally, potentially impacting hundreds of millions of websites.
• As a precaution, all cPanel servers at SkyNetHosting.Net have been temporarily shut down.
• No confirmed compromise has been identified within our systems based on current assessments.
• Services will be restored only after full security verification and patching is complete.
• This is a global industry issue, and our actions are proactive measures to protect all client environments.
• At SkyNetHosting.Net, we operate with a clear principle: protect client systems first, restore services second.
• Following the disclosure of a critical vulnerability in cPanel & WHM (CVE-2026-41940), we have taken the deliberate decision to temporarily shut down all cPanel-based servers within our infrastructure.
• This action is preventive, controlled, and in the best interest of all clients.

 Incident Overview

A recently disclosed vulnerability in cPanel/WHM (CVE-2026-41940) has been classified as critical, with confirmed reports of active exploitation in the wild.

The vulnerability enables:

• Authentication bypass (unauthorized access without valid login credentials)
• Potential privileged-level control of affected servers
• Broad impact across multi-tenant hosting environments

Industry-wide assessments indicate that over 1.5 million cPanel servers may be exposed globally. Given that each server can host hundreds to thousands of websites, the potential impact extends to Hundreds of millions of websites worldwide.

This is a systemic software-level vulnerability, affecting hosting providers globally, irrespective of size or internal security standards.

Industry Context

This vulnerability has been widely reported and analyzed by leading cybersecurity firms and global security media, highlighting the severity and urgency of the situation.

• Rapid7 : Critical cPanel & WHM Authentication Bypass (CVE-2026-41940)
• Labs @ WatchTowr : The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
• BleepingComputer : Critical cPanel bug exploited as zero-day before patch release
• SecurityWeek : cPanel vulnerability exploited as zero-day for months
• Bitsight : Critical vulnerability alert: cPanel WHM authentication bypass

Key findings from these reports include:

• CVSS 9.8 (critical severity rating)
• Active exploitation in the wild
• No authentication required for attack
• Potential full administrative control of servers

Given the widespread adoption of cPanel, this is considered one of the most impactful control panel–level security incidents in recent times.

Risk in Shared Hosting Environments

In cPanel-based shared hosting architectures, a successful exploit at the control panel layer may allow attackers to:

• Access or manipulate website files and databases
• Compromise email systems and credentials
• Inject malicious code or redirect traffic
• Leverage servers for spam or coordinated attacks

Given the multi-account nature of shared hosting, a single compromised server can have cascading effects across multiple client environments.

Our Decision: Full Shutdown of cPanel Servers

After internal risk evaluation, we have elected to:

• Fully shut down all cPanel servers as a precautionary measure

This approach ensures:

• Reduced exposure window during active exploitation
• Reduce containment of potential attack vectors
• Maximum protection of client data integrity

While this results in temporary service interruption, it reflects a security-first operating model aligned with best practices for high-severity incidents.

Responsibility & Transparency

We want to state this clearly:

• This issue originates from a 3rd party software vulnerability within cPanel/WHM and is affecting hosting providers globally
• It originates from a core vulnerability within cPanel/WHM software
• It is affecting hosting providers globally across all regions

At present:

• At this time, our investigations are ongoing, and we are actively reviewing all systems as part of our security assessment
• All actions taken are proactive and aligned with industry best practices for risk mitigation under active threat conditions

Remediation & Ongoing Actions

Our engineering and security teams are actively engaged in:

• Deploying official vendor patches and verified updates and reload/reboot server as needed.
• Conducting comprehensive system integrity audits
• Reviewing logs and access patterns for anomalies
• Implementing additional hardening controls and access restrictions

Systems will only be brought back online once they meet our internal security clearance standards.

Service Restoration

Service restoration will proceed in a phased and controlled manner once:

• All affected systems are fully patched
• Security validation checks are completed
• Residual risk is reduced to an acceptable level

Our approach prioritizes long-term system integrity over short-term availability

Strategic Outlook

This event reinforces the importance of continuous infrastructure evolution.

SkyNetHosting.Net is actively:

• Diversifying control panel dependencies
• Strengthening multi-layered security architecture
• Enhancing resilience against platform-level vulnerabilities

Client Commitment

We recognize the impact of this temporary disruption and sincerely appreciate your patience.

Our responsibility extends beyond uptime — it includes ensuring that your systems remain:

• Secure, stable, and uncompromised
• We will continue to provide updates as progress is made.

Support Channels

For urgent matters, our support teams remain available via:

•  Live Chat
• Support Tickets

We appreciate your patience and understanding as we work through this situation with the highest priority on security and system integrity.

We will continue to monitor developments closely and provide all updates on this page as new information becomes available.

Update: cPanel Security Incident – Recovery Progress

We would like to provide an important update regarding the ongoing cPanel/WHM security incident (CVE-2026-41940)

Current Progress

As of now:

• Approximately 15% of all affected servers have been fully restored, upgraded, and secured.
• Over 30% of our reseller hosting servers have been successfully recovered and brought back online.
  
  

All restored systems have been:

• Upgraded to patched versions
• Fully rebuilt (OS reload) where required
• Security-hardened before reactivation

Due to the severity of the incident, we are not publishing specific server names publicly as part of our security policy.

 Why Recovery is Taking Time

This vulnerability is classified as critical (CVSS 9.8) and allows attackers to bypass authentication and gain administrative access without credentials.

Security researchers have confirmed:

• Active exploitation in the wild
• Potential for full server compromise including websites, databases, and configurations

Given the scale and risk, each server must go through a complete security validation process before being brought back online.

Our Recovery Approach

We are following a strict, security-first recovery process:

1. Isolation of affected systems
2. Full OS reload and environment rebuild
3. Upgrade to latest patched cPanel versions
4. Security hardening and access restrictions
5. Data validation and service testing
6. Controlled reactivation

This ensures that restored services are stable, secure, and not vulnerable to re-exploitation

 What This Means for Clients

• Services are being restored in phases, not all at once
• Priority is given to system integrity and security over speed
• Some services may take longer due to deeper validation requirements

Further Reading & Transparency

For full details on this incident and technical background, you may refer to:

• https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services
• https://skynethosting.net/blog/cpanel-hack-cve-2026-41940/](https://skynethosting.net/blog/cpanel-hack-cve-2026-41940
• https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940
• https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting

Next Steps

Our teams are continuing to work around the clock to:

• Accelerate recovery across remaining servers
• Monitor for any suspicious activity
• Ensure all restored environments meet strict security standards

Ongoing Updates

We will continue to provide progress updates here:

•  https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services

We sincerely appreciate your continued patience and understanding as we work through this incident with the highest priority on security and service reliability.

SkyNetHosting.Net Inc.

Security & Infrastructure Team

Hello Everyone,

We would like to inform our clients about a recently identified security vulnerability affecting cPanel/WHM authentication systems.

According to the official cPanel advisory, this issue may impact certain authentication paths and, under specific conditions, could allow unauthorized access to the control panel. You can review the full details here:

https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication

What we are doing
--------------------------
The security of our servers and client data is our top priority. Immediately after becoming aware of this issue:

Applied the latest security updates released by cPanel
All potentially affected servers are being audited and secured on priority
Additional monitoring and preventive measures have been implemented across our infrastructure

Our technical team is actively working to ensure all systems are fully protected.

What you should know
--------------------------------
No immediate action is required from most clients
We will continue to monitor the situation closely and share further updates if needed

Our commitment
-----------------------
We understand that security-related announcements can be concerning. Please be assured that we are treating this with the highest urgency and diligence.

We sincerely appreciate your patience and cooperation while we complete these important security updates.

Best regards,
SkyNetHosting Team
SkyNetHosting.Net

Hello,

A security vulnerability has been reported in cPanel (CVE-2026-41940). As per the advisory below, we are currently performing security maintenance across all servers:

• Servers may experience temporary downtime
• Login access may be affected

This is a preventive security measure to ensure all systems are updated and protected.

We appreciate your patience during this period. Services will stabilize once the maintenance is completed.

Hello,

We would like to inform you that the server live upgrade has been scheduled for March  03th at 21:00:00 UTC. This upgrade is necessary to enhance the server's performance. Rest assured, there will be no downtime during this process, as it will be a live migration. Your IPs will remain the same after the migration is complete. 

It will take 48-72 hours for the migration to complete. To ensure a smooth and error-free migration process, we kindly request that you refrain from making any changes to your sites during this time. This includes avoiding upgrades to your CMS or installation of new plugins.

We understand that you may be eager to enhance your website, but making changes during the migration process can lead to complications and potential errors. By waiting until the migration is complete, you can ensure a seamless transition without any disruptions to your site's functionality. We will synchronize all emails once the migration is completed.

 Our team is dedicated to providing you with the best possible service, and we appreciate your cooperation in this matter. If you have any questions or concerns, please don't hesitate to reach out to our support team. Thank you for your understanding and patience.

We understand the importance of keeping you informed, and we will provide regular updates on the migration progress through this news thread. If you have any questions or concerns regarding this upgrade, please do not hesitate to contact our technical support team.

 Thank you for your continued trust in our services