Critical cPanel Flaw Exploited in "Sorry" Ransomware Attacks
CISA has added the critical cPanel & WHM vulnerability CVE-2026-41940 to its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation.
CISA has officially added CVE-2026-41940, a critical vulnerability in WebPros cPanel & WHM and WP2 (WordPress Squared), to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw is a missing-authentication weakness in critical functions: a common and dangerous class of bug that lets unauthenticated actors reach functionality that should sit behind access controls.
The inclusion of this vulnerability in the KEV catalog follows evidence of active exploitation in the wild. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate this vulnerability by the specified deadline to mitigate significant risks to the federal enterprise.
Organizations using cPanel & WHM or WP2 should verify their versions and apply necessary security updates immediately. CISA continues to monitor the threat landscape and updates the KEV catalog as new evidence of active exploitation emerges. [CISA]