AI Security Open Source Hardware Apple Policy

#auth-bypass

Related: #cpanel · 1 #credential-theft · 1 #cve-2026-41940 · 1 #security · 1 #supply-chain · 1 #watchtowr · 1 #web-hosting · 1

WatchTowr Labs disclosure illustration for the cPanel and WHM authentication bypass CVE-2026-41940

Security·just now

70 million domains had a no-password root bypass. cPanel rushed an emergency patch.

cPanel shipped fixes April 28 for a CVSS 9.8 auth bypass that walks attackers into shared-hosting panels with no password. WatchTowr says exploitation started before the patch.