Executive Summary

  • A critical security vulnerability (CVE-2026-41940) affecting cPanel & WHM has been identified and is currently being actively exploited globally.
  • Industry reports indicate that more than 1.5 million servers worldwide may be affected, potentially impacting hundreds of millions of websites.
  • As a proactive security precaution, GoManilaHost.Net has temporarily shut down all cPanel-based servers within our infrastructure.
  • Based on our current assessments, no confirmed compromise has been identified within our systems at this time.
  • Services will only be restored after all required security patching, validation, and integrity checks have been successfully completed.
  • This is a global software-level issue affecting hosting providers worldwide, and the actions we have taken are preventive measures designed to protect all client environments.
  • At GoManilaHost.Net, our operational priority remains clear: safeguard client systems first, then carefully restore services.
  • Following the disclosure of this critical cPanel & WHM vulnerability, we made the deliberate decision to temporarily suspend all affected cPanel-based services as part of our security response strategy.
  • These actions are preventive, controlled, and intended to ensure the continued protection, stability, and integrity of all client systems.

Incident Overview

A recently disclosed vulnerability in cPanel & WHM (CVE-2026-41940) has been classified as a critical severity vulnerability with confirmed reports of active exploitation in the wild.

The vulnerability may allow:

  • Authentication bypass, potentially enabling unauthorized access without valid login credentials
  • Potential elevated or privileged-level access to affected servers
  • Widespread impact across shared and multi-tenant hosting environments

Industry-wide assessments indicate that more than 1.5 million cPanel servers may be exposed globally. Given that each server can host hundreds or thousands of websites, the potential impact may extend to hundreds of millions of websites worldwide.

This is a systemic software-level vulnerability affecting hosting providers globally, regardless of provider size or internal security standards.

Industry Context

This vulnerability has been widely reported and analyzed by leading cybersecurity organizations and global security media due to its severity and widespread impact.

Notable industry references include:

  • Rapid7 — Critical cPanel & WHM Authentication Bypass (CVE-2026-41940)
  • WatchTowr Labs — The Internet Is Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
  • BleepingComputer — Critical cPanel bug exploited as zero-day before patch release
  • SecurityWeek — cPanel vulnerability exploited as zero-day for months
  • Bitsight — Critical vulnerability alert: cPanel WHM authentication bypass

Key findings reported across these security advisories include:

  • CVSS Severity Score: 9.8 (Critical)
  • Active exploitation observed in the wild
  • No authentication required for attack execution
  • Potential full administrative control of affected systems

Given the widespread use of cPanel globally, this is considered one of the most impactful control panel-level security incidents in recent years.

Risk in Shared Hosting Environments

Within shared hosting infrastructures, exploitation at the control panel layer may potentially allow attackers to:

  • Access or manipulate website files and databases
  • Compromise email systems and credentials
  • Inject malicious code or redirect website traffic
  • Utilize servers for spam activity or coordinated attacks

Due to the multi-account architecture of shared hosting environments, a single compromised server could potentially impact multiple client accounts.

Our Decision: Temporary Shutdown of cPanel Servers

Following an internal risk assessment, we made the deliberate decision to temporarily shut down all cPanel-based servers as a preventive security measure.

This approach helps ensure:

  • Reduced exposure during ongoing exploitation activity
  • Improved containment of potential attack vectors
  • Enhanced protection of client data integrity and system security

While this results in temporary service interruption, our response reflects a security-first operational model aligned with best practices for handling high-severity cybersecurity incidents.

Responsibility & Transparency

We want to communicate this clearly and transparently:

  • This issue stems from a third-party software vulnerability affecting cPanel & WHM.
  • The vulnerability exists within the core functionality of the cPanel & WHM platform.
  • Hosting providers globally, across all regions and infrastructures, are being impacted by this issue.

At present:

  • Our investigations and security assessments are still ongoing as we continue reviewing all systems and related activities.
  • All measures implemented are proactive and follow industry-recognized best practices for mitigating risks during active security threats.

Remediation & Ongoing Actions

Our engineering and security teams are actively performing the following actions:

  • Deploying official vendor security patches and verified updates
  • Performing controlled server reloads and reboots where required
  • Conducting comprehensive system integrity audits
  • Reviewing logs and access patterns for anomalies
  • Implementing additional hardening controls and access restrictions

Systems will only be brought back online once they successfully meet our internal security clearance and validation standards.

Service Restoration

Service restoration will occur in a phased and carefully controlled manner once:

  • All affected systems have been fully patched
  • Security validation procedures are completed
  • Residual risk levels are reduced to acceptable thresholds

Our priority is ensuring long-term security, stability, and integrity rather than rushing service restoration prematurely.

Strategic Outlook

This event further reinforces the importance of continuous infrastructure improvement and security evolution.

GoManilaHost.Net is actively:

  • Diversifying control panel dependencies
  • Strengthening multi-layered security architecture
  • Enhancing infrastructure resilience against platform-level vulnerabilities

Our Commitment to Clients

We fully recognize the impact and inconvenience caused by this temporary disruption, and we sincerely appreciate your patience, trust, and understanding during this situation.

Our responsibility extends beyond uptime — it includes ensuring that your services remain:

  • Secure, stable, and uncompromised
  • We will continue to provide timely updates as progress is made and additional information becomes available.

Support Channels

For urgent concerns or assistance, our support team remains available via Support Tickets.

We sincerely appreciate your patience and understanding as we continue prioritizing the security, stability, and integrity of all systems.

We will continue to monitor developments closely and provide additional updates on the announcement page as new information becomes available.

Warm Regards,
GoManilaHost.Net



Friday, May 1, 2026





« Back