Federal agencies must patch cPanel bug by Sunday, CISA says

Friday, May 1, 2026 at 04:20 PM UTC·Source: The Record

Updated: Friday, May 1, 2026 at 05:01 PM UTC

Executive Summary

Incident responders at Rapid7 said successful exploitation of CVE-2026-41940 “grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages.”

Analysis

Incident responders at Rapid7 said successful exploitation of CVE-2026-41940 “grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages.”

Indicators of Compromise (1)

CVE (1)

CVE-2026-41940

NVD MITRE CVE

Source Attribution

Originally published by The Record on May 1, 2026.

Related Threats

LOWVulnerabilityNEW

LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges

A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB) digital rights group has claimed. Filed this week in an Austrian court, the group’s argument is that LinkedIn’s ‘Who’s

47m agoCSO Online

MEDIUMVulnerability

Trump officials are steering a cybersecurity scholarship program toward AI

The latest development has thrown scholars for a curveball, and has some worried about being “left out to dry” when it comes to job positions. The post Trump officials are steering a cybersecurity scholarship program toward AI appeared first on CyberScoop .

1h agoCyberScoop

MEDIUMVulnerability

Kalshi valuation soars to $22bn

Prediction market Kalshi has seen its valuation double to $22 billion in five months off the back of a $1 billion Series F funding round.

1h agoFinextra