cPanel’s authentication bypass bug is being exploited in the wild, CISA warns | CyberScoop<\/title> <meta name=\"description\" content=\"A severe cPanel authentication bypass (CVE-2026-41940) with a 9.8 CVSS score is being exploited in the wild. Over 1.5 million instances are potentially at risk; CISA has added the flaw to its KEV list. Patch immediately to prevent unauthorized server access.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"cPanel's authentication bypass bug is being exploited in the wild, CISA warns\"> <meta property=\"og:description\" content=\"A severe cPanel authentication bypass (CVE-2026-41940) with a 9.8 CVSS score is being exploited in the wild. Over 1.5 million instances are potentially at risk; CISA has added the flaw to its KEV list. Patch immediately to prevent unauthorized server access.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-04-30T20:49:07+00:00\"> <meta property=\"article:modified_time\" content=\"2026-04-30T20:49:10+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg\"> <meta property=\"og:image:width\" content=\"2122\"> <meta property=\"og:image:height\" content=\"1413\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1777394973g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88814\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88814\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88814 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.892307692308\">\n<div class=\"single-article__header-content\" readability=\"35.421333333333\">\n<p> The agency added the flaw to the KEV list days after hosting providers confirmed active, ongoing attacks. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88814\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg 2122w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=1024,682 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=1536,1023 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=2048,1364 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=1014,675 1014w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-2.jpg?resize=1266,843 1266w\" sizes=\"(max-width: 1014px) 100vw, 1014px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"31.645032451323\"><body readability=\"64.387573964497\"><\/p>\n<p>A severe authentication bypass vulnerability in cPanel, one of the most widely deployed web hosting control panel platforms on the internet, is being actively exploited in the wild, according to security researchers and hosting providers.<\/p>\n<p>The vulnerability, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-41940\">CVE-2026-41940<\/a>, affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as well as <a href=\"https:\/\/docs.wpsquared.com\/changelogs\/versions\/changelog\/#13617\">WP Squared<\/a>, a WordPress hosting management panel built on the cPanel platform. Internet scans conducted by security firm Rapid7 using the Shodan search engine <a href=\"https:\/\/www.rapid7.com\/blog\/post\/etr-cve-2026-41940-cpanel-whm-authentication-bypass\/\">identified approximately 1.5 million<\/a> cPanel instances exposed online, though the precise number of vulnerable systems remains unknown.<\/p>\n<p><a href=\"https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026\">cPanel released a patch<\/a> Tuesday. By that point, exploitation had already been underway. KnownHost, a hosting provider that relies on cPanel, <a href=\"https:\/\/www.knownhost.com\/forums\/threads\/cpanel-zero-day-exploit-network-wide-protections-in-place-for-cpanel-and-whm-logins-ports.6599\/\">said earlier this week<\/a> that successful exploits had been observed in the wild prior to any fix being made available. <\/p>\n<p>The Cybersecurity and Infrastructure Security Agency <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/04\/30\/cisa-adds-one-known-exploited-vulnerability-catalog\">added the CVE<\/a> to its Known Exploited Vulnerabilities (KEV) list Thursday. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Cybersecurity firm watchTowr provided technical details <a href=\"https:\/\/labs.watchtowr.com\/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940\/\">in a blog posted Wednesday<\/a>: The flaw stems from improper handling of user input during the login process. When a user attempts to log in, cPanel writes data from the request into a server-side session file before verifying the user\u2019s identity. An attacker can exploit this by embedding hidden line breaks into the password field of a login request \u2014 characters cPanel fails to strip out \u2014 allowing arbitrary data to be injected directly into that file.<\/p>\n<p>Through a secondary step, also involving a deliberately malformed request, the injected data gets promoted into the session\u2019s active cache, where cPanel reads it as legitimate. Once that happens, the system sees the session as already authenticated and skips password verification entirely, granting access without ever checking the user\u2019s actual credentials.<\/p>\n<p>cPanel <a href=\"https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026\">has published a detection script<\/a> designed to scan session files for indicators of compromise, including sessions that contain injected authentication timestamps, pre-authentication sessions with authenticated attributes, and password fields containing embedded newlines. <a href=\"https:\/\/github.com\/watchtowrlabs\/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py?ref=labs.watchtowr.com\">WatchTowr separately released<\/a> a \u201cDetection Artifact Generator\u201d that administrators can use to verify whether their instances remain vulnerable.<\/p>\n<p>Namecheap, a major domain registrar and hosting provider, took the step of temporarily blocking connections to cPanel and WHM ports 2083 and 2087 ahead of patch availability, <a href=\"https:\/\/www.namecheap.com\/status-updates\/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026\/\">citing the need to protect customers<\/a> while an official fix was pending. The company began applying the patch after cPanel\u2019s release earlier this week.<\/p>\n<p>cPanel\u2019s patched releases address the issue across seven version branches, from 11.110.0 through 11.136.0, as well as WP Squared version 11.136.1. <a href=\"https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026\">The company\u2019s advisory notes<\/a> that the fix ensures potentially dangerous input is scrubbed automatically within the core session-saving process, rather than depending on each individual part of the codebase to do so separately. The patch also adds handling for cases where a per-session encryption key is missing, a condition the original code failed to account for and that attackers were able to exploit to bypass password encoding entirely.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The CVE has been given a 9.8 on the CVSS scale. <\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6864\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>cPanel’s authentication bypass bug is being exploited in the wild,<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6551,452,3353,256,288,4136,2281,5199,6552],"tags":[6553,454,3357,262,294,4140,2283,5200,6554],"class_list":["post-8601","post","type-post","status-publish","format-standard","hentry","category-cpanel","category-cybersecurity-and-infrastructure-security-agency-cisa","category-rapid7","category-research","category-threats","category-vulncheck","category-vulnerability","category-watchtowr","category-website-hosting","tag-cpanel","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-rapid7","tag-research","tag-threats","tag-vulncheck","tag-vulnerability","tag-watchtowr","tag-website-hosting"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cpanel\/\" rel=\"category tag\">cPanel<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/rapid7\/\" rel=\"category tag\">Rapid7<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/watchtowr\/\" rel=\"category tag\">watchTowr<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/website-hosting\/\" rel=\"category tag\">website hosting<\/a>","tag_info":"website hosting","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8601","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8601"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8601\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8601"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8601,"date":"2026-04-30T15:49:07","date_gmt":"2026-04-30T20:49:07","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88814"},"modified":"2026-04-30T15:49:07","modified_gmt":"2026-04-30T20:49:07","slug":"cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/04\/30\/cpanels-authentication-bypass-bug-is-being-exploited-in-the-wild-cisa-warns\/","title":{"rendered":"cPanel\u2019s authentication bypass bug is being exploited in the wild, CISA warns"},"content":{"rendered":"