CRITICALVulnerability
Global

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

·Source: The Hacker News

Updated:

Executive Summary

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control

Analysis

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control

Indicators of Compromise (1)

CVE (1)
CVE-2026-41940
NVDMITRE CVE
Source Attribution

Originally published by The Hacker News on May 11, 2026.

Related Threats

MEDIUMVulnerability

Visa unveils Tap to Confirm tech

Visa has introduced technology lets people verify their identity or activate a new card by tapping their physical card to their mobile inside the issuer’s banking app.

Finextra
MEDIUMVulnerability

Frame Security Emerges From Stealth With $50M for Awareness and Training Platform

Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security. The post Frame Security Emerges From Stealth With $50M for Awareness and Training Platform appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

FCC pushes ban on security updates for foreign-made routers, drones to 2029

The router deadline, originally slated for March 1, 2027, has been pushed back to at least January 1, 2029, according to the announcement from the FCC’s Office of Engineering and Technology (OET).

The Record