This alert is relevant to all Australian organisations that utilise cPanel/WebHost Manager (WHM). This alert is intended for a technical audience.
Background
ASD's ACSC is aware of active exploitation in Australia of a critical vulnerability (CVE-2026-41940) affecting cPanel/WHM products.
- The vulnerability is an authentication bypass, which can allow unauthenticated remote attackers to gain access to the control panel and achieve remote code execution (RCE).
- The vulnerability affects all versions after 11.40 (which was released in 2013).
- Patches have been released as of 30 April 2026.
ASD's ACSC does not have information to indicate that a specific industry or sector is being targeted.
Mitigation advice
ASD's ACSC advises organisations to ensure the following:
- Review networks and environments for use of vulnerable versions of cPanel and WHM products.
- Review the need to continue to have the interface exposed to the internet.
- Apply patches as soon as practicable, if required.
- Monitor for suspicious activity. Indicator of Compromise (IoC) detection scripts have been released by the vendor, which may assist in detecting compromise. These can be found on the vendor support page.
- If suspicious activity is detected, notify ASD's ACSC.
Where to get help
Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).